vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-19 16:28:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Rework flow breed (#2926)

Browse source 
Right now, there is, in essence, a static mapping between flow protocols
and flow breeds.
Make it dynamic: allow to have different flows, with the same
classification but differents breeds. This is the same logic that we
already have for categories....

Preliminary work to support breed in category lists.

API change from the app POV: to get the flow breed don't use anymore
`ndpi_get_proto_breed()`, but access directly `struct ndpi_proto->breed`

The functions `ndpi_domain_classify_*()` and
`ndpi_get_host_domain_suffix()` now have a `u_int32_t` parameter as
`class_id` (instead of `u_int_16_t`), with the following logic:
```
class_id = (breed << 16) | category
```
instead of the old:
```
class_id = category
```
Please note that this change is back-compatible: if you are not
interested into breeds, you don't need to update the application code.
This commit is contained in:
Ivan Nardi 2025-09-02 16:54:34 +02:00 committed by GitHub
parent 8640bd6d76
commit efccc7d5e4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
98 changed files with 849 additions and 718 deletions
Download patch file Download diff file Expand all files Collapse all files

82
example/ndpiReader.c
View file

@ -2025,8 +2025,7 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
flow->detected_protocol.category),
(unsigned int)flow->detected_protocol.category);
breed = ndpi_get_proto_breed(ndpi_thread_info[thread_id].workflow->ndpi_struct,
ndpi_get_upper_proto(flow->detected_protocol));
breed = flow->detected_protocol.breed;
fprintf(out, "[Breed: %s]", ndpi_get_proto_breed_name(breed));
fprintf(out, "[%u pkts/%llu bytes ", flow->src2dst_packets, (long long unsigned int) flow->src2dst_bytes);
@ -2545,6 +2544,7 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept
struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node;
u_int16_t thread_id = *((u_int16_t *) user_data), proto, fpc_proto;
ndpi_protocol_category_t category;
ndpi_protocol_breed_t breed;
(void)depth;
@ -2571,6 +2571,7 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept
fpc_proto = ndpi_map_user_proto_id_to_ndpi_id(ndpi_thread_info[thread_id].workflow->ndpi_struct, fpc_proto);
category = flow->detected_protocol.category;
breed = flow->detected_protocol.breed;
ndpi_thread_info[thread_id].workflow->stats.protocol_counter[proto] += flow->src2dst_packets + flow->dst2src_packets;
ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes[proto] += flow->src2dst_bytes + flow->dst2src_bytes;
@ -2584,6 +2585,9 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept
ndpi_thread_info[thread_id].workflow->stats.category_counter[category] += flow->src2dst_packets + flow->dst2src_packets;
ndpi_thread_info[thread_id].workflow->stats.category_counter_bytes[category] += flow->src2dst_bytes + flow->dst2src_bytes;
ndpi_thread_info[thread_id].workflow->stats.category_flows[category]++;
ndpi_thread_info[thread_id].workflow->stats.breed_counter[breed] += flow->src2dst_packets + flow->dst2src_packets;
ndpi_thread_info[thread_id].workflow->stats.breed_counter_bytes[breed] += flow->src2dst_bytes + flow->dst2src_bytes;
ndpi_thread_info[thread_id].workflow->stats.breed_flows[breed]++;
}
}
@ -4097,9 +4101,6 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us
u_int32_t avg_pkt_size = 0;
int thread_id;
char buf[32];
long long unsigned int breed_stats_pkts[NUM_BREEDS] = { 0 };
long long unsigned int breed_stats_bytes[NUM_BREEDS] = { 0 };
long long unsigned int breed_stats_flows[NUM_BREEDS] = { 0 };
/* In ndpiReader all the contexts have the same configuration */
if (!cumulative_stats_initialized) {
@ -4146,6 +4147,12 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us
cumulative_stats.category_flows[i] += ndpi_thread_info[thread_id].workflow->stats.category_flows[i];
}
for(i = 0; i < NDPI_NUM_BREEDS; i++) {
cumulative_stats.breed_counter[i] += ndpi_thread_info[thread_id].workflow->stats.breed_counter[i];
cumulative_stats.breed_counter_bytes[i] += ndpi_thread_info[thread_id].workflow->stats.breed_counter_bytes[i];
cumulative_stats.breed_flows[i] += ndpi_thread_info[thread_id].workflow->stats.breed_flows[i];
}
cumulative_stats.ndpi_flow_count += ndpi_thread_info[thread_id].workflow->stats.ndpi_flow_count;
cumulative_stats.flow_count[0] += ndpi_thread_info[thread_id].workflow->stats.flow_count[0];
cumulative_stats.flow_count[1] += ndpi_thread_info[thread_id].workflow->stats.flow_count[1];
@ -4514,14 +4521,9 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us
if(!quiet_mode) printf("\n\nDetected protocols:\n");
for(i = 0; i < cumulative_stats.num_protocols; i++) {
ndpi_protocol_breed_t breed = ndpi_get_proto_breed(ndpi_thread_info[0].workflow->ndpi_struct,
ndpi_map_ndpi_id_to_user_proto_id(ndpi_thread_info[0].workflow->ndpi_struct, i));
if(cumulative_stats.protocol_counter[i] > 0 ||
(dump_fpc_stats && cumulative_stats.fpc_protocol_counter[i] > 0)) {
breed_stats_bytes[breed] += (long long unsigned int)cumulative_stats.protocol_counter_bytes[i];
breed_stats_pkts[breed] += (long long unsigned int)cumulative_stats.protocol_counter[i];
breed_stats_flows[breed] += (long long unsigned int)cumulative_stats.protocol_flows[i];
if(results_file) {
fprintf(results_file, "%s\t%llu\t%llu\t%u",
@ -4573,22 +4575,26 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us
if(!quiet_mode) {
printf("\n\nProtocol statistics:\n");
for(i=0; i < NUM_BREEDS; i++) {
if(breed_stats_pkts[i] > 0) {
for(i=0; i < NDPI_NUM_BREEDS; i++) {
if(cumulative_stats.breed_counter[i] > 0) {
printf("\t%-20s packets: %-13llu bytes: %-13llu "
"flows: %-13llu\n",
ndpi_get_proto_breed_name(i),
breed_stats_pkts[i], breed_stats_bytes[i], breed_stats_flows[i]);
(long long unsigned int)cumulative_stats.breed_counter[i],
(long long unsigned int)cumulative_stats.breed_counter_bytes[i],
(long long unsigned int)cumulative_stats.breed_flows[i]);
}
}
}
if(results_file) {
fprintf(results_file, "\n");
for(i=0; i < NUM_BREEDS; i++) {
if(breed_stats_pkts[i] > 0) {
for(i=0; i < NDPI_NUM_BREEDS; i++) {
if(cumulative_stats.breed_counter[i] > 0) {
fprintf(results_file, "%-20s %13llu %-13llu %-13llu\n",
ndpi_get_proto_breed_name(i),
breed_stats_pkts[i], breed_stats_bytes[i], breed_stats_flows[i]);
(long long unsigned int)cumulative_stats.breed_counter[i],
(long long unsigned int)cumulative_stats.breed_counter_bytes[i],
(long long unsigned int)cumulative_stats.breed_flows[i]);
}
}
}
@ -5648,14 +5654,14 @@ void rsiUnitTest() {
void hashUnitTest() {
ndpi_str_hash *h;
char * const dict[] = { "hello", "world", NULL };
u_int16_t i;
u_int32_t i;
assert(ndpi_hash_init(&h) == 0);
assert(h == NULL);
for(i=0; dict[i] != NULL; i++) {
u_int8_t l = strlen(dict[i]);
u_int16_t v;
u_int32_t v;
assert(ndpi_hash_add_entry(&h, dict[i], l, i) == 0);
assert(ndpi_hash_find_entry(h, dict[i], l, &v) == 0);
@ -6541,10 +6547,11 @@ void loadStressTest() {
for(i=1; i<100000; i++) {
char name[32];
ndpi_protocol_category_t id = NDPI_PROTOCOL_CATEGORY_MALWARE;
ndpi_protocol_breed_t breed = NDPI_PROTOCOL_SAFE;
u_int8_t value = (u_int8_t)i;
snprintf(name, sizeof(name), "%d.com", i);
ndpi_load_hostname_category(ndpi_struct_shadow, name, id);
ndpi_load_hostname_category(ndpi_struct_shadow, name, id, breed);
snprintf(name, sizeof(name), "%u.%u.%u.%u", value, value, value, value);
ndpi_load_ip_category(ndpi_struct_shadow, name, id, (void *)"My list");
@ -6669,10 +6676,11 @@ void encodeDomainsUnitTest() {
struct stat st;
if(stat(lists_path, &st) == 0) {
u_int16_t suffix_id;
u_int32_t suffix_id;
char out[256];
char *str;
ndpi_protocol_category_t id;
ndpi_protocol_breed_t breed;
assert(ndpi_load_domain_suffixes(ndpi_str, (char*)lists_path) == 0);
@ -6686,13 +6694,13 @@ void encodeDomainsUnitTest() {
assert(ndpi_load_categories_dir(ndpi_str, "../lists"));
assert(ndpi_load_categories_file(ndpi_str, "./categories.txt", "categories.txt"));
str = (char*)"2001:db8:1::1"; assert(ndpi_get_custom_category_match(ndpi_str, str, strlen(str), &id) == 0); assert(id == 100);
str = (char*)"www.internetbadguys.com"; assert(ndpi_get_custom_category_match(ndpi_str, str, strlen(str), &id) == 0); assert(id == 100);
str = (char*)"0grand-casino.com"; assert(ndpi_get_custom_category_match(ndpi_str, str, strlen(str), &id) == 0); assert(id == 107);
str = (char*)"222.0grand-casino.com"; assert(ndpi_get_custom_category_match(ndpi_str, str, strlen(str), &id) == 0); assert(id == 107);
str = (char*)"10bet.com"; assert(ndpi_get_custom_category_match(ndpi_str, str, strlen(str), &id) == 0); assert(id == 107);
str = (char*)"www.ntop.org"; assert(ndpi_get_custom_category_match(ndpi_str, str, strlen(str), &id) == -1); assert(id == 0);
str = (char*)"lifyqyi.com"; assert(ndpi_get_custom_category_match(ndpi_str, str, strlen(str), &id) == 0); assert(id == 100);
str = (char*)"2001:db8:1::1"; assert(ndpi_get_custom_category_match(ndpi_str, str, strlen(str), &id, &breed) == 0); assert(id == 100);
str = (char*)"www.internetbadguys.com"; assert(ndpi_get_custom_category_match(ndpi_str, str, strlen(str), &id, &breed) == 0); assert(id == 100);
str = (char*)"0grand-casino.com"; assert(ndpi_get_custom_category_match(ndpi_str, str, strlen(str), &id, &breed) == 0); assert(id == 107);
str = (char*)"222.0grand-casino.com"; assert(ndpi_get_custom_category_match(ndpi_str, str, strlen(str), &id, &breed) == 0); assert(id == 107);
str = (char*)"10bet.com"; assert(ndpi_get_custom_category_match(ndpi_str, str, strlen(str), &id, &breed) == 0); assert(id == 107);
str = (char*)"www.ntop.org"; assert(ndpi_get_custom_category_match(ndpi_str, str, strlen(str), &id, &breed) == -1); assert(id == 0);
str = (char*)"lifyqyi.com"; assert(ndpi_get_custom_category_match(ndpi_str, str, strlen(str), &id, &breed) == 0); assert(id == 100);
}
ndpi_exit_detection_module(ndpi_str);
@ -6718,7 +6726,7 @@ void domainsUnitTest() {
struct stat st;
if(stat(lists_path, &st) == 0) {
u_int16_t suffix_id;
u_int32_t suffix_id;
assert(ndpi_load_domain_suffixes(ndpi_str, (char*)lists_path) == 0);
@ -6748,7 +6756,7 @@ void domainsUnitTest() {
void domainSearchUnitTest() {
ndpi_domain_classify *sc = ndpi_domain_classify_alloc();
char *domain = "ntop.org";
u_int16_t class_id;
u_int32_t class_id;
struct ndpi_detection_module_struct *ndpi_str = ndpi_init_detection_module(NULL);
u_int8_t trace = 0;
@ -6757,18 +6765,20 @@ void domainSearchUnitTest() {
assert(ndpi_finalize_initialization(ndpi_str) == 0);
ndpi_domain_classify_add(ndpi_str, sc, NDPI_PROTOCOL_NTOP, ".ntop.org");
ndpi_domain_classify_add(ndpi_str, sc, NDPI_PROTOCOL_NTOP, domain);
ndpi_domain_classify_add(ndpi_str, sc, (NDPI_PROTOCOL_SAFE << 16) | NDPI_PROTOCOL_NTOP, ".ntop.org");
ndpi_domain_classify_add(ndpi_str, sc, (NDPI_PROTOCOL_SAFE << 16) | NDPI_PROTOCOL_NTOP, domain);
assert(ndpi_domain_classify_hostname(ndpi_str, sc, &class_id, domain));
assert(class_id == NDPI_PROTOCOL_NTOP);
assert((class_id & 0xFFFF) == NDPI_PROTOCOL_NTOP);
assert(((class_id & 0xFFFF0000) >> 16) == NDPI_PROTOCOL_SAFE);
ndpi_domain_classify_add(ndpi_str, sc, NDPI_PROTOCOL_CATEGORY_GAMBLING, "123vc.club");
ndpi_domain_classify_add(ndpi_str, sc, (NDPI_PROTOCOL_UNSAFE << 16) | NDPI_PROTOCOL_CATEGORY_GAMBLING, "123vc.club");
assert(ndpi_domain_classify_hostname(ndpi_str, sc, &class_id, "123vc.club"));
assert(class_id == NDPI_PROTOCOL_CATEGORY_GAMBLING);
assert((class_id & 0xFFFF) == NDPI_PROTOCOL_CATEGORY_GAMBLING);
assert(((class_id & 0xFFFF0000) >> 16) == NDPI_PROTOCOL_UNSAFE);
/* Subdomain check */
assert(ndpi_domain_classify_hostname(ndpi_str, sc, &class_id, "blog.ntop.org"));
assert(class_id == NDPI_PROTOCOL_NTOP);
assert((class_id & 0xFFFF) == NDPI_PROTOCOL_NTOP);
u_int32_t s = ndpi_domain_classify_size(sc);
if(trace) printf("ndpi_domain_classify size: %u \n",s);
@ -6783,7 +6793,7 @@ void domainSearchUnitTest() {
void domainSearchUnitTest2() {
struct ndpi_detection_module_struct *ndpi_str = ndpi_init_detection_module(NULL);
ndpi_domain_classify *c = ndpi_domain_classify_alloc();
u_int16_t class_id = 9;
u_int32_t class_id = 9;
assert(ndpi_str);
assert(c);

3
example/reader_util.h
View file

@ -381,6 +381,9 @@ typedef struct ndpi_stats {
u_int64_t category_counter[NDPI_PROTOCOL_NUM_CATEGORIES];
u_int64_t category_counter_bytes[NDPI_PROTOCOL_NUM_CATEGORIES];
u_int32_t category_flows[NDPI_PROTOCOL_NUM_CATEGORIES];
u_int64_t breed_counter[NDPI_NUM_BREEDS];
u_int64_t breed_counter_bytes[NDPI_NUM_BREEDS];
u_int32_t breed_flows[NDPI_NUM_BREEDS];
u_int32_t ndpi_flow_count;
u_int32_t flow_count[3];
u_int64_t tcp_count, udp_count;

2
fuzz/fuzz_config.cpp
View file

@ -738,7 +738,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
struct in_addr pin;
struct in6_addr pin6;
u_int16_t suffix_id;
u_int32_t suffix_id;
pin.s_addr = fuzzed_data.ConsumeIntegral<u_int32_t>();
ndpi_network_port_ptree_match(ndpi_info_mod, &pin, fuzzed_data.ConsumeIntegral<u_int16_t>());

4
fuzz/fuzz_ds_domain_classify.cpp
View file

@ -21,7 +21,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
u_int16_t i, num_iteration, is_added = 0;
bool rc;
ndpi_domain_classify *d;
u_int16_t class_id;
u_int32_t class_id;
std::string value, value_added;
/* We don't need a complete (and costly to set up) context!
@ -47,7 +47,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
for (i = 0; i < num_iteration; i++) {
value = fuzzed_data.ConsumeBytesAsString(fuzzed_data.ConsumeIntegral<u_int8_t>());
class_id = fuzzed_data.ConsumeIntegral<u_int16_t>();
class_id = fuzzed_data.ConsumeIntegral<u_int32_t>();
rc = ndpi_domain_classify_add(fuzzed_data.ConsumeBool() ? ndpi_struct : NULL,
d, class_id, (char*)value.c_str());

7
fuzz/fuzz_ds_hash.cpp
View file

@ -8,7 +8,8 @@
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
FuzzedDataProvider fuzzed_data(data, size);
u_int16_t value16, i, rc, num_iteration, data_len, is_added = 0;
u_int16_t i, rc, num_iteration, data_len, is_added = 0;
u_int32_t value32;
std::vector<char>value_added;
ndpi_str_hash *h = NULL;
@ -44,11 +45,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
data_len = fuzzed_data.ConsumeIntegralInRange(0, 127);
std::vector<char>data = fuzzed_data.ConsumeBytes<char>(data_len);
ndpi_hash_find_entry(h, data.data(), data.size(), &value16);
ndpi_hash_find_entry(h, data.data(), data.size(), &value32);
}
/* Search of an added entry */
if (is_added) {
ndpi_hash_find_entry(h, value_added.data(), value_added.size(), &value16);
ndpi_hash_find_entry(h, value_added.data(), value_added.size(), &value32);
}
if (fuzzed_data.ConsumeBool())

25
src/include/ndpi_api.h
View file

@ -938,9 +938,11 @@ extern "C" {
const char *ip_address_and_mask, ndpi_protocol_category_t category,
void *user_data);
int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_struct,
const char *name_to_add, ndpi_protocol_category_t category);
const char *name_to_add, ndpi_protocol_category_t category,
ndpi_protocol_breed_t breed);
int ndpi_load_category(struct ndpi_detection_module_struct *ndpi_struct,
const char *ip_or_name, ndpi_protocol_category_t category,
ndpi_protocol_breed_t breed,
void *user_data);
int ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_struct);
void* ndpi_find_ipv4_category_userdata(struct ndpi_detection_module_struct *ndpi_str,
@ -957,13 +959,12 @@ extern "C" {
struct in6_addr *saddr, struct in6_addr *daddr,
ndpi_protocol *ret);
int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_struct,
char *name, u_int name_len, ndpi_protocol_category_t *id);
void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
ndpi_protocol *ret);
char *name, u_int name_len, ndpi_protocol_category_t *id,
ndpi_protocol_breed_t *breed);
int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_struct,
char *name_or_ip, u_int name_len,
ndpi_protocol_category_t *id);
ndpi_protocol_category_t *category,
ndpi_protocol_breed_t *breed);
u_int16_t ndpi_map_user_proto_id_to_ndpi_id(struct ndpi_detection_module_struct *ndpi_str,
u_int16_t user_proto_id);
@ -1970,7 +1971,7 @@ extern "C" {
* @return 0 if an entry with that key was found, 1 otherwise
*
*/
int ndpi_hash_find_entry(ndpi_str_hash *h, char *key, u_int key_len, u_int16_t *value);
int ndpi_hash_find_entry(ndpi_str_hash *h, char *key, u_int key_len, u_int32_t *value);
/**
* Add an entry to the hashmap.
@ -1983,7 +1984,7 @@ extern "C" {
* @return 0 if the entry was added, 1 otherwise
*
*/
int ndpi_hash_add_entry(ndpi_str_hash **h, char *key, u_int8_t key_len, u_int16_t value);
int ndpi_hash_add_entry(ndpi_str_hash **h, char *key, u_int8_t key_len, u_int32_t value);
/* ******************************* */
@ -2108,14 +2109,14 @@ extern "C" {
u_int32_t ndpi_domain_classify_size(ndpi_domain_classify *s);
bool ndpi_domain_classify_add(struct ndpi_detection_module_struct *ndpi_mod,
ndpi_domain_classify *s,
u_int16_t class_id, char *domain);
u_int32_t class_id, char *domain);
u_int32_t ndpi_domain_classify_add_domains(struct ndpi_detection_module_struct *ndpi_mod,
ndpi_domain_classify *s,
u_int16_t class_id,
u_int32_t class_id,
char *file_path);
bool ndpi_domain_classify_hostname(struct ndpi_detection_module_struct *ndpi_mod,
ndpi_domain_classify *s,
u_int16_t *class_id /* out */,
u_int32_t *class_id /* out */,
char *hostname);
/* ******************************* */
@ -2192,7 +2193,7 @@ extern "C" {
*/
const char* ndpi_get_host_domain_suffix(struct ndpi_detection_module_struct *ndpi_str,
const char *hostname,
u_int16_t *suffix_id /* out */);
u_int32_t *suffix_id /* out */);
/**
* Returns the domain (including the TLS) suffix out of the specified hostname.

9
src/include/ndpi_private.h
View file

@ -45,6 +45,7 @@ typedef struct node_t {
typedef struct {
char *string_to_match;
ndpi_protocol_category_t protocol_category;
ndpi_protocol_breed_t protocol_breed;
} ndpi_category_match;
typedef struct {
@ -725,6 +726,14 @@ void proto_stack_reset(struct ndpi_proto_stack *s);
u_int8_t ndpi_is_valid_protoId(const struct ndpi_detection_module_struct *ndpi_str, u_int16_t protoId);
void ndpi_fill_protocol_category_and_breed(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
ndpi_protocol *ret);
ndpi_protocol_breed_t get_proto_breed(struct ndpi_detection_module_struct *ndpi_str,
ndpi_master_app_protocol proto);
ndpi_protocol_category_t get_proto_category(struct ndpi_detection_module_struct *ndpi_str,
ndpi_master_app_protocol proto);
/* TLS */
int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow, uint32_t quic_version);

9
src/include/ndpi_typedefs.h
View file

@ -1066,17 +1066,17 @@ typedef enum {
} ndpi_fpc_confidence_t;
typedef enum {
NDPI_PROTOCOL_SAFE = 0, /* Surely doesn't provide risks for the network. (e.g., a news site) */
NDPI_PROTOCOL_UNRATED = 0, /* No idea, not implemented or impossible to classify */
NDPI_PROTOCOL_SAFE, /* Surely doesn't provide risks for the network. (e.g., a news site) */
NDPI_PROTOCOL_ACCEPTABLE, /* Probably doesn't provide risks, but could be malicious (e.g., Dropbox) */
NDPI_PROTOCOL_FUN, /* Pure fun protocol, which may be prohibited by the user policy (e.g., Netflix) */
NDPI_PROTOCOL_UNSAFE, /* Probably provides risks, but could be a normal traffic. Unencrypted protocols with clear pass should be here (e.g., telnet) */
NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, /* Possibly dangerous (ex. Tor). */
NDPI_PROTOCOL_DANGEROUS, /* Surely is dangerous (ex. smbv1). Be prepared to troubles */
NDPI_PROTOCOL_TRACKER_ADS, /* Trackers, Advertisements... */
NDPI_PROTOCOL_UNRATED /* No idea, not implemented or impossible to classify */
} ndpi_protocol_breed_t;
#define NUM_BREEDS (NDPI_PROTOCOL_UNRATED+1)
#define NDPI_NUM_BREEDS (NDPI_PROTOCOL_TRACKER_ADS+1)
/*
Abstract categories to group the protocols.
@ -1285,9 +1285,11 @@ typedef struct ndpi_proto {
struct ndpi_proto_stack protocol_stack;
u_int16_t protocol_by_ip;
ndpi_protocol_category_t category;
ndpi_protocol_breed_t breed;
void *custom_category_userdata;
} ndpi_protocol;
#define NUM_CUSTOM_CATEGORIES 5
#define CUSTOM_CATEGORY_LABEL_LEN 32
@ -1414,6 +1416,7 @@ struct ndpi_flow_struct {
u_int64_t last_packet_time_ms;
ndpi_protocol_category_t category;
ndpi_protocol_breed_t breed;
/* Counters with only packets with L5 data (ie no TCP SYN, pure ACKs, ...) */
u_int16_t packet_counter;

386
src/lib/ndpi_content_match.c.inc
View file

@ -1602,255 +1602,255 @@ static ndpi_tls_cert_name_match tls_certificate_match [] = {
*/
static ndpi_category_match category_match[] = {
{ "edgecastcdn.net", NDPI_PROTOCOL_CATEGORY_MEDIA },
{ "hwcdn.net", NDPI_PROTOCOL_CATEGORY_MEDIA },
{ "llnwd.net", NDPI_PROTOCOL_CATEGORY_MEDIA },
{ "llns.net", NDPI_PROTOCOL_CATEGORY_MEDIA },
{ "fastly.net", NDPI_PROTOCOL_CATEGORY_MEDIA },
{ "jsdelivr.net", NDPI_PROTOCOL_CATEGORY_MEDIA },
{ "bootstrapcdn.com", NDPI_PROTOCOL_CATEGORY_MEDIA },
{ "cdn.optimizely.com", NDPI_PROTOCOL_CATEGORY_MEDIA },
{ "mncdn.com", NDPI_PROTOCOL_CATEGORY_MEDIA },
{ "vultr.com", NDPI_PROTOCOL_CATEGORY_CLOUD },
{ "baidu.com", NDPI_PROTOCOL_CATEGORY_WEB },
{ "icq.com", NDPI_PROTOCOL_CATEGORY_CHAT },
{ "quickplay.com", NDPI_PROTOCOL_CATEGORY_STREAMING },
{ "71.am", NDPI_PROTOCOL_CATEGORY_STREAMING },
{ "tcad.wedolook.com", NDPI_PROTOCOL_CATEGORY_STREAMING },
{ "rapidvideo.com", NDPI_PROTOCOL_CATEGORY_STREAMING },
{ "playercdn.net", NDPI_PROTOCOL_CATEGORY_STREAMING },
{ "showmax.com", NDPI_PROTOCOL_CATEGORY_STREAMING },
{ "showmax.akamaized.net", NDPI_PROTOCOL_CATEGORY_STREAMING },
{ "skyq.sky.com", NDPI_PROTOCOL_CATEGORY_STREAMING },
{ "iptv.sky.", NDPI_PROTOCOL_CATEGORY_STREAMING },
{ "pcdn.skycdn.", NDPI_PROTOCOL_CATEGORY_STREAMING },
{ "edgecastcdn.net", NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
{ "hwcdn.net", NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
{ "llnwd.net", NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
{ "llns.net", NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
{ "fastly.net", NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
{ "jsdelivr.net", NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
{ "bootstrapcdn.com", NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
{ "cdn.optimizely.com", NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
{ "mncdn.com", NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN },
{ "vultr.com", NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_FUN },
{ "baidu.com", NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN },
{ "icq.com", NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
{ "quickplay.com", NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
{ "71.am", NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
{ "tcad.wedolook.com", NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
{ "rapidvideo.com", NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
{ "playercdn.net", NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
{ "showmax.com", NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
{ "showmax.akamaized.net", NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
{ "skyq.sky.com", NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
{ "iptv.sky.", NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
{ "pcdn.skycdn.", NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
/* https://success.tanaza.com/s/article/How-Automatic-Detection-of-Captive-Portal-works */
{ "thinkdifferent.us", NDPI_PROTOCOL_CATEGORY_CONNECTIVITY_CHECK },
{ "airport.us", NDPI_PROTOCOL_CATEGORY_CONNECTIVITY_CHECK },
{ "detectportal.firefox.com", NDPI_PROTOCOL_CATEGORY_CONNECTIVITY_CHECK },
{ "connectivitycheck.platform.hicloud.com", NDPI_PROTOCOL_CATEGORY_CONNECTIVITY_CHECK },
{ "nmcheck.gnome.org", NDPI_PROTOCOL_CATEGORY_CONNECTIVITY_CHECK },
{ "thinkdifferent.us", NDPI_PROTOCOL_CATEGORY_CONNECTIVITY_CHECK, NDPI_PROTOCOL_SAFE },
{ "airport.us", NDPI_PROTOCOL_CATEGORY_CONNECTIVITY_CHECK, NDPI_PROTOCOL_SAFE },
{ "detectportal.firefox.com", NDPI_PROTOCOL_CATEGORY_CONNECTIVITY_CHECK, NDPI_PROTOCOL_SAFE },
{ "connectivitycheck.platform.hicloud.com", NDPI_PROTOCOL_CATEGORY_CONNECTIVITY_CHECK, NDPI_PROTOCOL_SAFE },
{ "nmcheck.gnome.org", NDPI_PROTOCOL_CATEGORY_CONNECTIVITY_CHECK, NDPI_PROTOCOL_SAFE },
{ "xvideos.", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xvideos-games.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xvideoslive.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "pornhub.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "pornhubselect.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "pornhubpremium.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "pornhublive.", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "transpornhublive.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "gaypornhublive.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xnxx.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xhamster.", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "realsrv.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "stripchat.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "stripcdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "spankbang.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "chaturbate.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xhamster18.desi", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "zooxhamster.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xhwebsite4.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xhamstercreators.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xhamstershop.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "pornmate.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "thebestfetishsites.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "thepornmap.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "mrstiff.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "porngeek.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "mrporngeek.", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "kink.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xxxi.porn", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "mrpornlive.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xnxx-games.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "onlyfans.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "twinrdsrv.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "livejasmin.", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "livejasminacademy.", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "livejasmincdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "mylivejasmin.org", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "dmm.co.jp", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "youporn.", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xhamsterlive.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "bongacams.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "eporner.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xvideos2.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "nhentai.net", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "ixxx.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "redtube.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "gayredtubelive.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "redtubelive.net", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "redtubeplatinum.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "cityheaven.net", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "missav.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "rule34.xxx", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xnxx.tv", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "crjpgate.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "tnaflix.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xlivrdr.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "dlsite.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "hqporner.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "youjizz.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "txxx.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xvideos3.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xxxnewvideos.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "ok.xxx", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xnxx115.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "nutaku.net", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "sxyprn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "brazzersnetwork.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "superchatlive.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "theporndude.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "fapello.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "hitomi.la", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "erome.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "kiynew.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "jerkmate.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xnxx-cdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xvideos-cdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "porndudecdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xhcdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "phncdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "ypncdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "strpst.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "trafficjunky.net", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "afcdn.net", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "ktkjmp.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xxxyouporn.me", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "youporngay.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "freeyoupornxnxx.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "youpornshop.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "youpornmate.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "youporninhd.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT },
{ "xvideos.", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xvideos-games.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xvideoslive.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "pornhub.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "pornhubselect.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "pornhubpremium.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "pornhublive.", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "transpornhublive.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "gaypornhublive.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xnxx.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xhamster.", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "realsrv.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "stripchat.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "stripcdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "spankbang.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "chaturbate.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xhamster18.desi", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "zooxhamster.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xhwebsite4.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xhamstercreators.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xhamstershop.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "pornmate.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "thebestfetishsites.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "thepornmap.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "mrstiff.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "porngeek.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "mrporngeek.", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "kink.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xxxi.porn", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "mrpornlive.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xnxx-games.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "onlyfans.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "twinrdsrv.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "livejasmin.", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "livejasminacademy.", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "livejasmincdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "mylivejasmin.org", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "dmm.co.jp", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "youporn.", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xhamsterlive.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "bongacams.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "eporner.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xvideos2.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "nhentai.net", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "ixxx.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "redtube.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "gayredtubelive.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "redtubelive.net", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "redtubeplatinum.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "cityheaven.net", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "missav.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "rule34.xxx", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xnxx.tv", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "crjpgate.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "tnaflix.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xlivrdr.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "dlsite.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "hqporner.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "youjizz.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "txxx.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xvideos3.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xxxnewvideos.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "ok.xxx", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xnxx115.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "nutaku.net", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "sxyprn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "brazzersnetwork.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "superchatlive.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "theporndude.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "fapello.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "hitomi.la", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "erome.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "kiynew.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "jerkmate.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xnxx-cdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xvideos-cdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "porndudecdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xhcdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "phncdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "ypncdn.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "strpst.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "trafficjunky.net", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "afcdn.net", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "ktkjmp.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "xxxyouporn.me", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "youporngay.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "freeyoupornxnxx.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "youpornshop.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "youpornmate.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
{ "youporninhd.com", NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, NDPI_PROTOCOL_ACCEPTABLE },
/* Artificial Intelligence / LLM */
{ "deepseek.com", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE },
{ "openai.com", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE },
{ "chatgpt.com", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE },
{ "gemini.google.com", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE },
{ "notebooklm.google.com", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE },
{ "claude.ai", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE },
{ "perplexity.ai", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE },
{ "ollama.com", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE },
{ "huggingface.com", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE },
{ "deepseek.com", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE, NDPI_PROTOCOL_ACCEPTABLE },
{ "openai.com", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE, NDPI_PROTOCOL_ACCEPTABLE },
{ "chatgpt.com", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE, NDPI_PROTOCOL_ACCEPTABLE },
{ "gemini.google.com", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE, NDPI_PROTOCOL_ACCEPTABLE },
{ "notebooklm.google.com", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE, NDPI_PROTOCOL_ACCEPTABLE },
{ "claude.ai", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE, NDPI_PROTOCOL_ACCEPTABLE },
{ "perplexity.ai", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE, NDPI_PROTOCOL_ACCEPTABLE },
{ "ollama.com", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE, NDPI_PROTOCOL_ACCEPTABLE },
{ "huggingface.com", NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE, NDPI_PROTOCOL_ACCEPTABLE },
/* Same games. We don't have yet (or we don't want...) specific ID for this stuff */
{ "callofduty.com", NDPI_PROTOCOL_CATEGORY_GAME },
{ "king.com", NDPI_PROTOCOL_CATEGORY_GAME },
{ "supercell.com", NDPI_PROTOCOL_CATEGORY_GAME },
{ "callofduty.com", NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
{ "king.com", NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
{ "supercell.com", NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN },
/* ADS & Tracking & Analytics */
/* Chartbeat is a technology company that provides data and analytics to global publishers */
{ "chartbeat.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "chartbeat.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "chartbeat.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
{ "chartbeat.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Httppool is a global cross-channel advertising network */
{ "httpool.", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "httpool.", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Simplifi Holdings is a company that provides online advertising services */
{ "simpli.fi", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "simpli.fi", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Admixer Technologies is a company that develops and maintains products in the field of digital advertising management */
{ "admixer.", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "admixer.", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* AppDynamics by Cisco */
{ "appdynamics.", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "eum-appdynamics.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "appdynamics.", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
{ "eum-appdynamics.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Smaato is a digital ad tech platform and ad server */
{ "smaato.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "smaato.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "smaato.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
{ "smaato.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* MoPub, a Twitter company, provides monetization solutions */
{ "mopub.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "mopub.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* AppsFlyer is a SaaS mobile marketing analytics and attribution platform */
{ "appsflyer.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "appsflyersdk.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "appsflyer.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
{ "appsflyersdk.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Adjust is the mobile marketing platform for marketers around the world */
{ "adjust.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "adjust.net.in", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "adjust.world", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "adjust.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
{ "adjust.net.in", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
{ "adjust.world", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Helpshift enables brands to deliver superior digital customer service digital channels*/
{ "helpshift.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "helpshift.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* AppLovin is a mobile marketing platform */
{ "applovin.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "applovin.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* AdRight is an innovative online advertising network */
{ "adright.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "adright.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* MGID: Native Visitors Acquisition for Advertisers */
{ "mgid.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "mgid.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* InMobi is the world's leading mobile marketing and advertising platform provider */
{ "inmobi.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "inmobi.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* AdColony - Elevating mobile advertising */
{ "adcolony.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "adcolony.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Supersonicads: App monetization done right */
{ "supersonicads.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "supersonicads.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Criteo is an advertising company that provides online display advertisements */
{ "criteo.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "criteo.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "criteo.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
{ "criteo.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Flurry is an American mobile analytics, monetization, and advertising company */
{ "flurry.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "flurry.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Taboola is the world's leading discovery & native advertising platform */
{ "taboola.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "taboola.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Market research community, a leading global market research effort that studies and reports on Internet trends and behavior. */
{ "scorecardresearch.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "scorecardresearch.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Magnite Inc. (formerly Rubicon Project) is an American online advertising technology firm */
{ "rubiconproject.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "rubiconproject.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Adnxs.com is run by AppNexus, a company that provides technology, data and analytics to help companies buy and sell online display advertising */
{ "adnxs.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "adnxs.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* PubMatic, Inc. is a company that develops and implements online advertising software */
{ "pubmatic.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "pubmatic.co.jp", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "pubmatic.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
{ "pubmatic.co.jp", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* “OpenXs unified monetization platform */
{ "openx.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "openx.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "servedbyopenx.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "openx.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
{ "openx.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
{ "servedbyopenx.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* AddThis share buttons, targeting tools and content recommendations help you get more likes, shares and followers */
{ "addthis.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "addthisedge.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "addthis.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
{ "addthisedge.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* NEXAGE offers a mobile advertising platform that provides private and public exchanges */
{ "nexage.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "nexage.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* RadiumOne (formerly GWallet) is a digital advertising company */
{ "gwallet.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "gwallet.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Kochava is the industry leader for mobile app attribution and mobile app analytics */
{ "kochava.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "kochava.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Adobe analytics */
{ "assets.adobedtm.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "commerce.adobedtm.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "assets.adobedtm.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
{ "commerce.adobedtm.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Chartboost is a San Francisco-based mobile game in-app programmatic advertising and monetization platform */
{ "chartboost.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "chartboost.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Vungle is an ad network */
{ "vungle.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "vungle.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Adkernel offers technological solutions catering to digital advertising publishers, advertisers, exchanges, and networks */
{ "adkernel.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "adkernel.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Adform serves as a unified advertising platform that integrates various aspects of digital advertising */
{ "adform.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "adform.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Lemma develops integrated platforms and solutions for efficient campaign management and high-performance advertising */
{ "lemmatechnologies.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "lemmatechnologies.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Vidoomy is a company that focuses on Digital Video Advertising expertise. */
{ "vidoomy.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "vidoomy.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* StackAdapt is a self-serve programmatic advertising platform preferred by top-tier digital marketers */
{ "stackadapt.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "stackadapt.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Hotjar stands as an all-in-one platform that combines digital experience insights and behavior analytics */
{ "hotjar.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "hotjar.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* New Relic is a company headquartered in the United States that specializes in web tracking and analytics. */
{ "newrelic.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "newrelic.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Unruly is a London-based ad tech company that maximizes video viewership and sharing across the Open Web. */
{ "unrulymedia.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "unrulymedia.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* TV Squared Inc. offers a TV attribution modeling platform, providing a cloud-based software platform for measuring, optimizing, and enhancing television advertising campaigns. */
{ "tvsquared.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "tvsquared.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Mixpanel facilitates global data analysis by offering event analytics, enabling valuable insights to be derived from data. */
{ "mixpanel.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "mixpanel.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Equativ (formerly known as Smart AdServer) is a French advertising technology company */
{ "smartadserver.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "smartadserver.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Twitter ADS */
{ "ads-twitter.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "ads-twitter.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* TANX (Taobao Ad Network and Exchange) is an advertising and marketing platform based in China */
{ "tanx.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "tanx.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Optimove is a marketing and customer relationship management (CRM) platform that specializes in customer retention and marketing automation. The company acquired Kumulos in 2022. */
{ "optimove.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "optimove.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "optimove.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
{ "optimove.net", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Moloco offers programmatic advertising solutions to help optimize the client's acquisition, retention, and monetization campaigns */
{ "adsmoloco.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "moloco.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "adsmoloco.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
{ "moloco.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* The Unity Ads SDK provides a comprehensive monetization framework for your game, whether you develop in Unity, Xcode, or Android Studio */
{ "unityads.unity3d.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "iads.unity3d.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "unityads.unity3d.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
{ "iads.unity3d.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
/* Amazon Ads helps you reach customers at scale through full-funnel advertising across streaming, shopping, and everything in-between */
{ "amazon-adsystem.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT },
{ "amazon-adsystem.com", NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS },
{ NULL, 0 }
{ NULL, 0, NDPI_PROTOCOL_SAFE }
};

6
src/lib/ndpi_domain_classify.c
View file

@ -73,7 +73,7 @@ u_int32_t ndpi_domain_classify_size(ndpi_domain_classify *s) {
bool ndpi_domain_classify_add(struct ndpi_detection_module_struct *ndpi_str,
ndpi_domain_classify *s,
u_int16_t class_id,
u_int32_t class_id,
char *domain) {
#ifdef ENCODE_DATA
u_int32_t out_len;
@ -107,7 +107,7 @@ bool ndpi_domain_classify_add(struct ndpi_detection_module_struct *ndpi_str,
u_int32_t ndpi_domain_classify_add_domains(struct ndpi_detection_module_struct *ndpi_mod,
ndpi_domain_classify *s,
u_int16_t class_id,
u_int32_t class_id,
char *file_path) {
u_int32_t num_added = 0;
char buf[256];
@ -148,7 +148,7 @@ u_int32_t ndpi_domain_classify_add_domains(struct ndpi_detection_module_struct *
bool ndpi_domain_classify_hostname(struct ndpi_detection_module_struct *ndpi_mod,
ndpi_domain_classify *s,
u_int16_t *class_id /* out */,
u_int32_t *class_id /* out */,
char *hostname) {
const char *dot;
char *item;

4
src/lib/ndpi_domains.c
View file

@ -93,7 +93,7 @@ int ndpi_load_domain_suffixes(struct ndpi_detection_module_struct *ndpi_str,
const char* ndpi_get_host_domain_suffix(struct ndpi_detection_module_struct *ndpi_str,
const char *hostname,
u_int16_t *domain_id /* out */) {
u_int32_t *domain_id /* out */) {
char *dot, *prev_dot;
if(!ndpi_str || !hostname || !domain_id)
@ -135,7 +135,7 @@ const char* ndpi_get_host_domain(struct ndpi_detection_module_struct *ndpi_str,
const char *hostname) {
const char *ret;
char *dot, *first_dc;
u_int16_t domain_id, len;
u_int32_t domain_id, len;
if(!ndpi_str || !hostname)
return NULL;

6
src/lib/ndpi_fingerprint.c
View file

@ -49,7 +49,7 @@ void ndpi_load_tcp_fingerprints(struct ndpi_detection_module_struct *ndpi_str) {
ndpi_os ndpi_get_os_from_tcp_fingerprint(struct ndpi_detection_module_struct *ndpi_str,
char *tcp_fingerprint) {
if(tcp_fingerprint && (ndpi_str->tcp_fingerprint_hashmap != NULL)) {
u_int16_t ret;
u_int32_t ret;
if(ndpi_hash_find_entry(ndpi_str->tcp_fingerprint_hashmap,
tcp_fingerprint, strlen(tcp_fingerprint), &ret) == 0)
@ -72,7 +72,7 @@ ndpi_os ndpi_get_os_from_tcp_fingerprint(struct ndpi_detection_module_struct *nd
int ndpi_add_tcp_fingerprint(struct ndpi_detection_module_struct *ndpi_str,
char *fingerprint, ndpi_os os) {
u_int len;
u_int16_t ret;
u_int32_t ret;
len = strlen(fingerprint);
@ -82,7 +82,7 @@ int ndpi_add_tcp_fingerprint(struct ndpi_detection_module_struct *ndpi_str,
return(-1);
} else {
if(ndpi_hash_add_entry(&ndpi_str->tcp_fingerprint_hashmap, fingerprint, len,
(u_int16_t)os) == 0) {
(u_int32_t)os) == 0) {
return(0);
} else
return(-2);

165
src/lib/ndpi_main.c
View file

@ -4849,10 +4849,11 @@ int ndpi_match_string_value(void *automa, char *string_to_match,
/* *********************************************** */
int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_str,
char *name, u_int name_len,
ndpi_protocol_category_t *category) {
char *name, u_int name_len,
ndpi_protocol_category_t *category,
ndpi_protocol_breed_t *breed) {
char buf[128];
u_int16_t class_id;
u_int32_t class_id;
u_int max_len = sizeof(buf)-1;
if(!ndpi_str->custom_categories.categories_loaded)
@ -4864,7 +4865,8 @@ int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_str,
if(ndpi_domain_classify_hostname(ndpi_str, ndpi_str->custom_categories.sc_hostnames,
&class_id, buf)) {
*category = (ndpi_protocol_category_t)class_id;
*category = (ndpi_protocol_category_t)(class_id & 0xFFFF);
*breed = (ndpi_protocol_breed_t)((class_id & 0xFFFF0000) >> 16);
return(0);
} else
return(-1); /* Not found */
@ -4874,7 +4876,8 @@ int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_str,
int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_str,
char *name_or_ip, u_int name_len,
ndpi_protocol_category_t *id) {
ndpi_protocol_category_t *category,
ndpi_protocol_breed_t *breed) {
char ipbuf[64], *ptr;
struct in_addr pin;
struct in6_addr pin6;
@ -4882,7 +4885,8 @@ int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_str
ndpi_patricia_node_t *node;
u_int cp_len = ndpi_min(sizeof(ipbuf) - 1, name_len);
*id = 0;
*category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED;
*breed = NDPI_PROTOCOL_ACCEPTABLE;
if(!ndpi_str->custom_categories.categories_loaded)
ndpi_enable_loaded_categories(ndpi_str);
@ -4908,7 +4912,8 @@ int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_str
node = ndpi_patricia_search_best(ndpi_str->custom_categories.ipAddresses, &prefix);
if(node) {
*id = node->value.u.uv32.user_value;
*category = node->value.u.uv32.user_value;
/* TODO: breed */
return(0);
}
return(-1);
@ -4919,13 +4924,14 @@ int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_str
node = ndpi_patricia_search_best(ndpi_str->custom_categories.ipAddresses6, &prefix);
if(node) {
*id = node->value.u.uv32.user_value;
*category = node->value.u.uv32.user_value;
/* TODO: breed */
return(0);
}
return(-1);
} else {
/* Search Host */
return(ndpi_match_custom_category(ndpi_str, name_or_ip, name_len, id));
return(ndpi_match_custom_category(ndpi_str, name_or_ip, name_len, category, breed));
}
}
@ -5434,10 +5440,13 @@ static int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_str,
subprotocol_id = ndpi_get_proto_by_name(ndpi_str, proto);
if(subprotocol_id == NDPI_PROTOCOL_UNKNOWN)
if(subprotocol_id == NDPI_PROTOCOL_UNKNOWN) {
def = NULL;
else
} else {
category = ndpi_str->proto_defaults[subprotocol_id].protoCategory;
breed = ndpi_str->proto_defaults[subprotocol_id].protoBreed;
def = &ndpi_str->proto_defaults[subprotocol_id];
}
if(def == NULL) {
ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS];
@ -5499,7 +5508,7 @@ static int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_str,
char *breed_value = &param[6];
const char *errstrp;
int breed_id = ndpi_strtonum(breed_value, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_UNRATED-1, &errstrp, 10);
int breed_id = ndpi_strtonum(breed_value, 0, NDPI_NUM_BREEDS-1, &errstrp, 10);
if(errstrp == NULL) {
breed = (ndpi_protocol_breed_t)breed_id;
} else {
@ -5783,6 +5792,7 @@ int load_categories_file_fd(struct ndpi_detection_module_struct *ndpi_str,
if(errstrp == NULL) {
int rc = ndpi_load_category(ndpi_str, name,
(ndpi_protocol_category_t)cat_id,
(ndpi_protocol_breed_t)NDPI_PROTOCOL_ACCEPTABLE /* TODO */,
user_data);
if(rc >= 0)
@ -5884,7 +5894,7 @@ int load_category_file_fd(struct ndpi_detection_module_struct *ndpi_str,
continue;
}
if(ndpi_load_category(ndpi_str, line, category_id, NULL) >= 0)
if(ndpi_load_category(ndpi_str, line, category_id, NDPI_PROTOCOL_ACCEPTABLE /* TODO */, NULL) >= 0)
num_loaded++;
}
@ -9081,6 +9091,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st
ret.protocol_stack = flow->protocol_stack;
ret.protocol_by_ip = flow->guessed_protocol_id_by_ip;
ret.category = flow->category;
ret.breed = flow->breed;
/* Ensure that we don't change our mind if detection is already complete */
if(ret.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) {
@ -9162,7 +9173,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st
if(ret.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) {
*protocol_was_guessed = 1;
ndpi_fill_protocol_category(ndpi_str, flow, &ret);
ndpi_fill_protocol_category_and_breed(ndpi_str, flow, &ret);
}
/* Reason: public "ndpi_detection_giveup" */
@ -9252,23 +9263,27 @@ int ndpi_load_ip_category(struct ndpi_detection_module_struct *ndpi_str,
int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_str,
const char *name_to_add,
ndpi_protocol_category_t category) {
ndpi_protocol_category_t category,
ndpi_protocol_breed_t breed) {
if(ndpi_str->custom_categories.sc_hostnames_shadow == NULL)
return(-1);
return(ndpi_domain_classify_add(ndpi_str, ndpi_str->custom_categories.sc_hostnames_shadow,
(u_int16_t)category, (char*)name_to_add) ? 0 : -1);
(breed & 0xFFFF) << 16 | (category & 0xFFFF),
(char*)name_to_add) ? 0 : -1);
}
/* ********************************************************************************* */
/* Loads an IP or name category */
int ndpi_load_category(struct ndpi_detection_module_struct *ndpi_struct, const char *ip_or_name,
ndpi_protocol_category_t category, void *user_data) {
ndpi_protocol_category_t category,
ndpi_protocol_breed_t breed,
void *user_data) {
int rv;
/* Try to load as IP address first */
rv = ndpi_load_ip_category(ndpi_struct, ip_or_name, category, user_data);
rv = ndpi_load_ip_category(ndpi_struct, ip_or_name, category, user_data); /* TODO: breed */
if(rv < 0) {
/*
@ -9278,7 +9293,7 @@ int ndpi_load_category(struct ndpi_detection_module_struct *ndpi_struct, const c
we cannot add user_data here as with Aho-Corasick this
information would not be used
*/
rv = ndpi_load_hostname_category(ndpi_struct, ip_or_name, category);
rv = ndpi_load_hostname_category(ndpi_struct, ip_or_name, category, breed);
}
return(rv);
@ -9296,7 +9311,9 @@ int ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_str)
/* First add the nDPI known categories matches */
for(i = 0; category_match[i].string_to_match != NULL; i++)
ndpi_load_category(ndpi_str, category_match[i].string_to_match,
category_match[i].protocol_category, built_in);
category_match[i].protocol_category,
category_match[i].protocol_breed,
built_in);
ndpi_domain_classify_free(ndpi_str->custom_categories.sc_hostnames);
ndpi_str->custom_categories.sc_hostnames = ndpi_str->custom_categories.sc_hostnames_shadow;
@ -9461,8 +9478,8 @@ int ndpi_fill_ipv6_protocol_category(struct ndpi_detection_module_struct *ndpi_s
/* ********************************************************************************* */
void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow,
ndpi_protocol *ret) {
void ndpi_fill_protocol_category_and_breed(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow,
ndpi_protocol *ret) {
if((ret->proto.master_protocol == NDPI_PROTOCOL_UNKNOWN)
&& (ret->proto.app_protocol == NDPI_PROTOCOL_UNKNOWN))
return;
@ -9470,21 +9487,25 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_str,
if(ndpi_str->custom_categories.categories_loaded) {
if(flow->guessed_header_category != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED) {
flow->category = ret->category = flow->guessed_header_category;
flow->breed = ret->breed = get_proto_breed(ndpi_str, ret->proto);
return;
}
if(flow->host_server_name[0] != '\0') {
u_int32_t id;
ndpi_protocol_category_t category;
ndpi_protocol_breed_t breed;
int rc = ndpi_match_custom_category(ndpi_str, flow->host_server_name,
strlen(flow->host_server_name), &id);
strlen(flow->host_server_name), &category, &breed);
if(rc == 0) {
flow->category = ret->category = (ndpi_protocol_category_t) id;
flow->category = ret->category = category;
flow->breed = ret->breed = breed;
return;
}
}
}
flow->category = ret->category = ndpi_get_proto_category(ndpi_str, *ret);
flow->breed = ret->breed = get_proto_breed(ndpi_str, ret->proto);
}
/* ********************************************************************************* */
@ -9659,9 +9680,6 @@ static int do_guess(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_f
ret->proto.master_protocol = NDPI_PROTOCOL_UNKNOWN;
ret->proto.app_protocol = flow->guessed_protocol_id;
flow->detected_protocol_stack[0] = flow->guessed_protocol_id;
proto_stack_update(&flow->protocol_stack, ret->proto.master_protocol, ret->proto.app_protocol);
flow->confidence = NDPI_CONFIDENCE_CUSTOM_RULE;
ndpi_fill_protocol_category(ndpi_str, flow, ret);
return(-1);
}
@ -9670,9 +9688,6 @@ static int do_guess(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_f
ret->proto.master_protocol = NDPI_PROTOCOL_UNKNOWN;
ret->proto.app_protocol = flow->guessed_protocol_id;
flow->detected_protocol_stack[0] = flow->guessed_protocol_id;
proto_stack_update(&flow->protocol_stack, ret->proto.master_protocol, ret->proto.app_protocol);
flow->confidence = NDPI_CONFIDENCE_CUSTOM_RULE;
ndpi_fill_protocol_category(ndpi_str, flow, ret);
return(-1);
}
@ -9682,9 +9697,6 @@ static int do_guess(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_f
ret->proto.app_protocol = flow->guessed_protocol_id_by_ip;
flow->detected_protocol_stack[0] = flow->guessed_protocol_id_by_ip;
flow->detected_protocol_stack[1] = flow->guessed_protocol_id;
proto_stack_update(&flow->protocol_stack, ret->proto.master_protocol, ret->proto.app_protocol);
flow->confidence = NDPI_CONFIDENCE_CUSTOM_RULE;
ndpi_fill_protocol_category(ndpi_str, flow, ret);
return(-1);
}
@ -9940,14 +9952,17 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio
flow->num_processed_pkts++;
packet = &ndpi_str->packet;
NDPI_LOG_DBG(ndpi_str, "[%d/%d] START packet processing\n",
NDPI_LOG_DBG(ndpi_str, "[%d/%d cat:%d breed:%d] START packet processing\n",
flow->detected_protocol_stack[0],
flow->detected_protocol_stack[1]);
flow->detected_protocol_stack[1],
flow->category,
flow->breed);
ret.proto.master_protocol = flow->detected_protocol_stack[1];
ret.proto.app_protocol = flow->detected_protocol_stack[0];
ret.protocol_by_ip = flow->guessed_protocol_id_by_ip;
ret.category = flow->category;
ret.breed = flow->breed;
if(flow->monit)
memset(flow->monit, '\0', sizeof(*flow->monit));
@ -9984,6 +9999,7 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio
ret.proto.master_protocol = flow->detected_protocol_stack[1];
ret.proto.app_protocol = flow->detected_protocol_stack[0];
ret.category = flow->category;
ret.breed = flow->breed;
if(flow->extra_packets_func == NULL) {
/* Reason: extra dissection ended */
@ -10028,7 +10044,7 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio
if(nbpf_match(ndpi_str->nbpf_custom_proto[i].tree, &t)) {
/* match found */
ret.proto.master_protocol = ret.proto.app_protocol = ndpi_str->nbpf_custom_proto[i].l7_protocol;
ndpi_fill_protocol_category(ndpi_str, flow, &ret);
ndpi_fill_protocol_category_and_breed(ndpi_str, flow, &ret);
proto_stack_update(&flow->protocol_stack, ret.proto.master_protocol, ret.proto.app_protocol);
flow->confidence = NDPI_CONFIDENCE_NBPF;
/* Reason: nBPF match */
@ -10068,6 +10084,10 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio
if(do_guess(ndpi_str, flow, &ret) == -1) {
proto_stack_update(&flow->protocol_stack, ret.proto.master_protocol, ret.proto.app_protocol);
flow->confidence = NDPI_CONFIDENCE_CUSTOM_RULE;
ndpi_fill_protocol_category_and_breed(ndpi_str, flow, &ret);
/* Reason: custom rules */
internal_giveup(ndpi_str, flow, &ret);
@ -10087,10 +10107,14 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio
ret.proto.app_protocol = flow->detected_protocol_stack[0];
/* Don't overwrite the category if already set */
if((flow->category == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED) && (ret.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN))
ndpi_fill_protocol_category(ndpi_str, flow, &ret);
else
if((flow->category == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED) && (ret.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN)) {
ndpi_fill_protocol_category_and_breed(ndpi_str, flow, &ret);
} else {
ret.category = flow->category;
ret.breed = flow->breed;
}
if(flow->breed == NDPI_PROTOCOL_UNRATED)
ret.breed = flow->breed = get_proto_breed(ndpi_str, ret.proto);
if((!flow->risk_checked)
&& ((ret.proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) || (ret.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN))
@ -11299,7 +11323,7 @@ const char *ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_str
/* ****************************************************** */
static int category_depends_on_master(int proto)
static int category_or_breed_depends_on_master(int proto)
{
switch(proto) {
case NDPI_PROTOCOL_MAIL_POP:
@ -11330,7 +11354,7 @@ ndpi_protocol_category_t ndpi_get_proto_category(struct ndpi_detection_module_st
/* Simple rule: sub protocol first, master after, with some exceptions (i.e. mail) */
if(category_depends_on_master(proto.proto.master_protocol)) {
if(category_or_breed_depends_on_master(proto.proto.master_protocol)) {
if(ndpi_is_valid_protoId(ndpi_str, proto.proto.master_protocol))
return(ndpi_str->proto_defaults[proto.proto.master_protocol].protoCategory);
} else if((proto.proto.master_protocol == NDPI_PROTOCOL_UNKNOWN) ||
@ -11345,6 +11369,26 @@ ndpi_protocol_category_t ndpi_get_proto_category(struct ndpi_detection_module_st
/* ****************************************************** */
ndpi_protocol_category_t get_proto_category(struct ndpi_detection_module_struct *ndpi_str,
ndpi_master_app_protocol proto) {
/* Simple rule: sub protocol first, master after, with some exceptions (i.e. mail) */
if(category_or_breed_depends_on_master(proto.master_protocol)) {
if(ndpi_is_valid_protoId(ndpi_str, proto.master_protocol))
return(ndpi_str->proto_defaults[proto.master_protocol].protoCategory);
} else if((proto.master_protocol == NDPI_PROTOCOL_UNKNOWN) ||
(ndpi_str->proto_defaults[proto.app_protocol].protoCategory != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) {
if(ndpi_is_valid_protoId(ndpi_str, proto.app_protocol))
return(ndpi_str->proto_defaults[proto.app_protocol].protoCategory);
} else if(ndpi_is_valid_protoId(ndpi_str, proto.master_protocol))
return(ndpi_str->proto_defaults[proto.master_protocol].protoCategory);
return(NDPI_PROTOCOL_CATEGORY_UNSPECIFIED);
}
/* ****************************************************** */
char *ndpi_get_proto_name(struct ndpi_detection_module_struct *ndpi_str,
u_int16_t proto_id) {
if(!ndpi_str) return("Unknown");
@ -11376,6 +11420,26 @@ ndpi_protocol_breed_t ndpi_get_proto_breed(struct ndpi_detection_module_struct *
/* ****************************************************** */
ndpi_protocol_breed_t get_proto_breed(struct ndpi_detection_module_struct *ndpi_str,
ndpi_master_app_protocol proto) {
/* Simple rule: sub protocol first, master after, with some exceptions (i.e. mail) */
if(category_or_breed_depends_on_master(proto.master_protocol)) {
if(ndpi_is_valid_protoId(ndpi_str, proto.master_protocol))
return(ndpi_str->proto_defaults[proto.master_protocol].protoBreed);
} else if((proto.master_protocol == NDPI_PROTOCOL_UNKNOWN) ||
(ndpi_str->proto_defaults[proto.app_protocol].protoBreed != NDPI_PROTOCOL_UNRATED)) {
if(ndpi_is_valid_protoId(ndpi_str, proto.app_protocol))
return(ndpi_str->proto_defaults[proto.app_protocol].protoBreed);
} else if(ndpi_is_valid_protoId(ndpi_str, proto.master_protocol))
return(ndpi_str->proto_defaults[proto.master_protocol].protoBreed);
return(NDPI_PROTOCOL_UNRATED);
}
/* ****************************************************** */
char *ndpi_get_proto_breed_name(ndpi_protocol_breed_t breed_id) {
switch(breed_id) {
case NDPI_PROTOCOL_SAFE:
@ -11411,7 +11475,7 @@ ndpi_protocol_breed_t ndpi_get_breed_by_name(const char *name) {
/* Cache the lowercased first character of 'name' */
const unsigned char fc = tolower((unsigned char)*name);
for(i = NDPI_PROTOCOL_SAFE; i <= NDPI_PROTOCOL_UNRATED; i++) {
for(i = 0; i <= NDPI_NUM_BREEDS - 1; i++) {
char *breed_name = ndpi_get_proto_breed_name((ndpi_protocol_breed_t)i);
if(breed_name && tolower((unsigned char)*breed_name) == fc) {
@ -11748,7 +11812,8 @@ u_int16_t ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_
u_int16_t master_protocol_id,
int update_flow_classification) {
u_int16_t rc, string_to_match_len;
ndpi_protocol_category_t id;
ndpi_protocol_category_t category;
ndpi_protocol_breed_t breed;
char buf[256], *string_to_match;
if(!ndpi_str) return(-1);
@ -11767,11 +11832,13 @@ u_int16_t ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_
rc = ndpi_automa_match_string_subprotocol(ndpi_str, string_to_match, string_to_match_len, ret_match);
}
id = ret_match->protocol_category;
category = ret_match->protocol_category;
breed = ret_match->protocol_breed;
if(ndpi_get_custom_category_match(ndpi_str, string_to_match,
string_to_match_len, &id) != -1) {
ret_match->protocol_category = id;
string_to_match_len, &category, &breed) != -1) {
ret_match->protocol_category = category;
ret_match->protocol_breed = breed;
rc = master_protocol_id;
}
@ -11782,9 +11849,11 @@ u_int16_t ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_
ookla_add_to_cache(ndpi_str, flow);
}
}
if(!category_depends_on_master(master_protocol_id) &&
if(!category_or_breed_depends_on_master(master_protocol_id) &&
ret_match->protocol_category != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)
flow->category = ret_match->protocol_category;
if(ret_match->protocol_breed != NDPI_PROTOCOL_UNRATED)
flow->breed = ret_match->protocol_breed;
if(ndpi_str->risky_domain_automa.ac_automa != NULL) {
u_int32_t proto_id;

21
src/lib/ndpi_utils.c
View file

@ -72,7 +72,7 @@ struct pcre2_struct {
typedef struct {
char *key;
u_int16_t value16;
u_int32_t value32;
UT_hash_handle hh;
} ndpi_str_hash_priv;
@ -1199,10 +1199,7 @@ void ndpi_serialize_proto(struct ndpi_detection_module_struct *ndpi_struct,
l7_protocol.protocol_by_ip));
ndpi_serialize_string_uint32(serializer, "proto_by_ip_id", l7_protocol.protocol_by_ip);
ndpi_serialize_string_uint32(serializer, "encrypted", ndpi_is_encrypted_proto(ndpi_struct, l7_protocol));
ndpi_protocol_breed_t breed =
ndpi_get_proto_breed(ndpi_struct,
(l7_protocol.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN ? l7_protocol.proto.app_protocol : l7_protocol.proto.master_protocol));
ndpi_serialize_string_string(serializer, "breed", ndpi_get_proto_breed_name(breed));
ndpi_serialize_string_string(serializer, "breed", ndpi_get_proto_breed_name(l7_protocol.breed));
ndpi_serialize_string_uint32(serializer, "category_id", l7_protocol.category);
ndpi_serialize_string_string(serializer, "category", ndpi_category_get_name(ndpi_struct, l7_protocol.category));
}
@ -2878,7 +2875,7 @@ void ndpi_hash_free(ndpi_str_hash **h) {
/* ******************************************************************** */
int ndpi_hash_find_entry(ndpi_str_hash *h, char *key, u_int key_len, u_int16_t *value) {
int ndpi_hash_find_entry(ndpi_str_hash *h, char *key, u_int key_len, u_int32_t *value) {
ndpi_str_hash_priv *h_priv = (ndpi_str_hash_priv *)h;
ndpi_str_hash_priv *item;
@ -2889,7 +2886,7 @@ int ndpi_hash_find_entry(ndpi_str_hash *h, char *key, u_int key_len, u_int16_t *
if (item != NULL) {
if(value != NULL)
*value = item->value16;
*value = item->value32;
return 0;
} else
@ -2898,7 +2895,7 @@ int ndpi_hash_find_entry(ndpi_str_hash *h, char *key, u_int key_len, u_int16_t *
/* ******************************************************************** */
int ndpi_hash_add_entry(ndpi_str_hash **h, char *key, u_int8_t key_len, u_int16_t value) {
int ndpi_hash_add_entry(ndpi_str_hash **h, char *key, u_int8_t key_len, u_int32_t value) {
ndpi_str_hash_priv *h_priv = (ndpi_str_hash_priv *)*h;
ndpi_str_hash_priv *item, *ret_found;
@ -2908,7 +2905,7 @@ int ndpi_hash_add_entry(ndpi_str_hash **h, char *key, u_int8_t key_len, u_int16_
HASH_FIND(hh, h_priv, key, key_len, item);
if(item != NULL) {
item->value16 = value;
item->value32 = value;
return(1); /* Entry already present */
}
@ -2926,7 +2923,7 @@ int ndpi_hash_add_entry(ndpi_str_hash **h, char *key, u_int8_t key_len, u_int16_
item->key[key_len] = '\0';
}
item->value16 = value;
item->value32 = value;
HASH_ADD(hh, *((ndpi_str_hash_priv **)h), key[0], key_len, item);
@ -4013,7 +4010,7 @@ u_int ndpi_encode_domain(struct ndpi_detection_module_struct *ndpi_str,
u_int out_idx = 0, i, buf_shift = 0, domain_buf_len, compressed_len, suffix_len, domain_len;
u_int32_t value = 0;
u_char domain_buf[256], compressed[128];
u_int16_t domain_id = 0;
u_int32_t domain_id = 0;
const char *suffix;
if(!ndpi_domain_mapper_initialized) {
@ -4693,7 +4690,7 @@ char* ndpi_compute_ndpi_flow_fingerprint(struct ndpi_detection_module_struct *nd
flow->ndpi.fingerprint = ndpi_strdup((char*)fp_buf);
if(ndpi_str->ndpifp_custom_protos != NULL) {
u_int16_t proto_id;
u_int32_t proto_id;
/* This protocol has been defined in protos.txt-like files */
if(ndpi_hash_find_entry(ndpi_str->ndpifp_custom_protos,

3
src/lib/protocols/dns.c
View file

@ -897,8 +897,9 @@ static void search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct
else
ndpi_set_detected_protocol(ndpi_struct, flow, proto.master_protocol, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
}
/* Category is always NDPI_PROTOCOL_CATEGORY_NETWORK, regardless of the subprotocol */
/* Category is always NDPI_PROTOCOL_CATEGORY_NETWORK, regardless of the subprotocol. Same for the breed */
flow->category = NDPI_PROTOCOL_CATEGORY_NETWORK;
flow->breed = NDPI_PROTOCOL_ACCEPTABLE;
if(!flow->extra_packets_func &&
ndpi_struct->cfg.dns_parse_response_enabled &&

27
src/lib/protocols/http.c
View file

@ -272,6 +272,17 @@ static void ndpi_validate_http_content(struct ndpi_detection_module_struct *ndpi
/* *********************************************** */
static void update_category_and_breed(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
ndpi_master_app_protocol proto;
proto.master_protocol = flow->detected_protocol_stack[1];
proto.app_protocol = flow->detected_protocol_stack[0];
flow->category = get_proto_category(ndpi_struct, proto);
flow->breed = get_proto_breed(ndpi_struct, proto);
}
/* *********************************************** */
/* https://www.freeformatter.com/mime-types-list.html */
static ndpi_protocol_category_t ndpi_http_check_content(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
@ -500,7 +511,8 @@ static void ndpi_http_parse_subprotocol(struct ndpi_detection_module_struct *ndp
if(packet->server_line.len > 7 &&
strncmp((const char *)packet->server_line.ptr, "ntopng ", 7) == 0) {
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NTOP, NDPI_PROTOCOL_HTTP, NDPI_CONFIDENCE_DPI);
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NTOP, master_protocol, NDPI_CONFIDENCE_DPI);
update_category_and_breed(ndpi_struct, flow);
ndpi_unset_risk(ndpi_struct, flow, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT);
}
@ -512,6 +524,7 @@ static void ndpi_http_parse_subprotocol(struct ndpi_detection_module_struct *ndp
strncmp((const char *)packet->content_line.ptr, "application/ocsp-", 17) == 0) {
NDPI_LOG_DBG2(ndpi_struct, "Found OCSP\n");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OCSP, master_protocol, NDPI_CONFIDENCE_DPI);
update_category_and_breed(ndpi_struct, flow);
}
/* HTTP Live Streaming */
@ -521,12 +534,14 @@ static void ndpi_http_parse_subprotocol(struct ndpi_detection_module_struct *ndp
strncmp((const char *)packet->content_line.ptr, "application/x-mpegurl", 21) == 0)) {
NDPI_LOG_DBG2(ndpi_struct, "Found HLS\n");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HLS, master_protocol, NDPI_CONFIDENCE_DPI);
update_category_and_breed(ndpi_struct, flow);
}
if((flow->http.method == NDPI_HTTP_METHOD_RPC_CONNECT) ||
(flow->http.method == NDPI_HTTP_METHOD_RPC_IN_DATA) ||
(flow->http.method == NDPI_HTTP_METHOD_RPC_OUT_DATA)) {
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MS_RPCH, master_protocol, NDPI_CONFIDENCE_DPI);
update_category_and_breed(ndpi_struct, flow);
}
switch (flow->http.method) {
@ -538,6 +553,7 @@ static void ndpi_http_parse_subprotocol(struct ndpi_detection_module_struct *ndp
case NDPI_HTTP_METHOD_PROPFIND:
case NDPI_HTTP_METHOD_PROPPATCH:
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WEBDAV, master_protocol, NDPI_CONFIDENCE_DPI);
update_category_and_breed(ndpi_struct, flow);
break;
default:
break;
@ -600,6 +616,7 @@ static void ndpi_http_parse_subprotocol(struct ndpi_detection_module_struct *ndp
(strstr(flow->http.url, ":8080/upload?n=0.") != NULL))) {
/* This looks like Ookla speedtest */
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, master_protocol, NDPI_CONFIDENCE_DPI);
update_category_and_breed(ndpi_struct, flow);
ookla_add_to_cache(ndpi_struct, flow);
}
@ -607,12 +624,14 @@ static void ndpi_http_parse_subprotocol(struct ndpi_detection_module_struct *ndp
flow->http.url != NULL &&
strstr(flow->http.url, "micloud.xiaomi.net") != NULL) {
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_XIAOMI, master_protocol, NDPI_CONFIDENCE_DPI);
update_category_and_breed(ndpi_struct, flow);
}
if(flow->detected_protocol_stack[1] == NDPI_PROTOCOL_UNKNOWN &&
packet->referer_line.len > 0 &&
ndpi_strnstr((const char *)packet->referer_line.ptr, "www.speedtest.net", packet->referer_line.len)) {
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, master_protocol, NDPI_CONFIDENCE_DPI);
update_category_and_breed(ndpi_struct, flow);
ookla_add_to_cache(ndpi_struct, flow);
}
@ -624,6 +643,7 @@ static void ndpi_http_parse_subprotocol(struct ndpi_detection_module_struct *ndp
strstr(flow->http.user_agent, "Microsoft-Delivery-Optimization/") &&
ndpi_isset_risk(flow, NDPI_NUMERIC_IP_HOST)) {
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WINDOWS_UPDATE, master_protocol, NDPI_CONFIDENCE_DPI);
update_category_and_breed(ndpi_struct, flow);
}
if(flow->detected_protocol_stack[1] == NDPI_PROTOCOL_UNKNOWN &&
@ -637,27 +657,32 @@ static void ndpi_http_parse_subprotocol(struct ndpi_detection_module_struct *ndp
</cross-domain-policy>
*/
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, master_protocol, NDPI_CONFIDENCE_DPI);
update_category_and_breed(ndpi_struct, flow);
ookla_add_to_cache(ndpi_struct, flow);
}
if ((flow->detected_protocol_stack[1] == NDPI_PROTOCOL_UNKNOWN) &&
flow->http.user_agent && strstr(flow->http.user_agent, "MSRPC")) {
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MS_RPCH, master_protocol, NDPI_CONFIDENCE_DPI);
update_category_and_breed(ndpi_struct, flow);
}
if ((flow->detected_protocol_stack[1] == NDPI_PROTOCOL_UNKNOWN) &&
flow->http.user_agent && strstr(flow->http.user_agent, "Valve/Steam HTTP Client")) {
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STEAM, master_protocol, NDPI_CONFIDENCE_DPI);
update_category_and_breed(ndpi_struct, flow);
}
if ((flow->detected_protocol_stack[1] == NDPI_PROTOCOL_UNKNOWN) &&
flow->http.user_agent && strstr(flow->http.user_agent, "AirControl Agent v1.0")) {
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_UBNTAC2, master_protocol, NDPI_CONFIDENCE_DPI);
update_category_and_breed(ndpi_struct, flow);
}
if ((flow->detected_protocol_stack[1] == NDPI_PROTOCOL_UNKNOWN) &&
flow->http.user_agent && strstr(flow->http.user_agent, "gtk-gnutella")) {
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GNUTELLA, master_protocol, NDPI_CONFIDENCE_DPI);
update_category_and_breed(ndpi_struct, flow);
}
if(flow->http.request_header_observed) {

10
src/lib/protocols/quic.c
View file

@ -1817,15 +1817,15 @@ static int ndpi_search_quic_extra(struct ndpi_detection_module_struct *ndpi_stru
(packet->payload[1] == 201 || /* RTCP, Receiver Report */
packet->payload[1] == 200 || /* RTCP, Sender Report */
is_valid_rtp_payload_type(packet->payload[1] & 0x7F)) /* RTP */) {
ndpi_protocol proto;
ndpi_master_app_protocol proto;
NDPI_LOG_DBG(ndpi_struct, "Found RTP/RTCP over QUIC\n");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SNAPCHAT_CALL, NDPI_PROTOCOL_QUIC, NDPI_CONFIDENCE_DPI);
/* In "extra_eval" data path, if we change the classification, we need to update the category, too */
proto.proto.master_protocol = NDPI_PROTOCOL_QUIC;
proto.proto.app_protocol = NDPI_PROTOCOL_SNAPCHAT_CALL;
proto.category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED;
ndpi_fill_protocol_category(ndpi_struct, flow, &proto);
proto.master_protocol = NDPI_PROTOCOL_QUIC;
proto.app_protocol = NDPI_PROTOCOL_SNAPCHAT_CALL;
flow->category = get_proto_category(ndpi_struct, proto);
flow->breed = get_proto_breed(ndpi_struct, proto);
} else {
/* Unexpected traffic pattern: we should investigate it... */
NDPI_LOG_INFO(ndpi_struct, "To investigate...\n");

13
src/lib/protocols/stun.c
View file

@ -892,7 +892,7 @@ static int stun_search_again(struct ndpi_detection_module_struct *ndpi_struct,
/* TODO: right way? It is a bit scary... do we need to reset something else too? */
reset_detected_protocol(flow);
/* We keep the category related to STUN traffic */
/* We keep the category/breed related to STUN traffic */
/* TODO: clear some risks? */
/* Give room for DTLS handshake, where we might have
@ -1229,13 +1229,12 @@ static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *nd
/* In "normal" data-path the generic code in `ndpi_internal_detection_process_packet()`
takes care of setting the category */
if(flow->extra_packets_func) {
ndpi_protocol ret;
ndpi_master_app_protocol proto;
ret.proto.master_protocol = master_proto;
ret.proto.app_protocol = app_proto;
ret.category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED;
flow->category = ndpi_get_proto_category(ndpi_struct, ret);
proto.master_protocol = master_proto;
proto.app_protocol = app_proto;
flow->category = get_proto_category(ndpi_struct, proto);
flow->breed = get_proto_breed(ndpi_struct, proto);
}
}

42
src/lib/protocols/tls.c
View file

@ -450,11 +450,11 @@ static int tls_obfuscated_heur_search_again(struct ndpi_detection_module_struct*
ndpi_set_risk(ndpi_struct, flow, NDPI_OBFUSCATED_TRAFFIC, "Obfuscated TLS-in-HTTP-WebSocket traffic");
}
ndpi_protocol ret;
ret.proto.master_protocol = ndpi_get_master_proto(ndpi_struct, flow);
ret.proto.app_protocol = NDPI_PROTOCOL_UNKNOWN;
ret.category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED;
flow->category = ndpi_get_proto_category(ndpi_struct, ret);
ndpi_master_app_protocol proto;
proto.master_protocol = ndpi_get_master_proto(ndpi_struct, flow);
proto.app_protocol = NDPI_PROTOCOL_UNKNOWN;
flow->category = get_proto_category(ndpi_struct, proto);
flow->breed = get_proto_breed(ndpi_struct, proto);
}
NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); /* Not necessary in extra-dissection data path,
but we need it with the plain heuristic */
@ -680,13 +680,13 @@ static void checkTLSSubprotocol(struct ndpi_detection_module_struct *ndpi_struct
if(ndpi_lru_find_cache(ndpi_struct->tls_cert_cache, key,
&cached_proto, 0 /* Don't remove it as it can be used for other connections */,
ndpi_get_current_time(flow))) {
ndpi_protocol ret;
ndpi_master_app_protocol proto;
ndpi_set_detected_protocol(ndpi_struct, flow, cached_proto, ndpi_get_master_proto(ndpi_struct, flow), NDPI_CONFIDENCE_DPI_CACHE);
ret.proto.master_protocol = ndpi_get_master_proto(ndpi_struct, flow);
ret.proto.app_protocol = cached_proto;
ret.category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED;
flow->category = ndpi_get_proto_category(ndpi_struct, ret);
proto.master_protocol = ndpi_get_master_proto(ndpi_struct, flow);
proto.app_protocol = cached_proto;
flow->category = get_proto_category(ndpi_struct, proto);
flow->breed = get_proto_breed(ndpi_struct, proto);
ndpi_check_subprotocol_risk(ndpi_struct, flow, cached_proto);
ndpi_unset_risk(ndpi_struct, flow, NDPI_NUMERIC_IP_HOST);
}
@ -1095,13 +1095,13 @@ void processCertificateElements(struct ndpi_detection_module_struct *ndpi_struct
if(rc == 0) {
/* Match found */
u_int16_t proto_id = (u_int16_t)val;
ndpi_protocol ret;
ndpi_master_app_protocol proto;
ndpi_set_detected_protocol(ndpi_struct, flow, proto_id, ndpi_get_master_proto(ndpi_struct, flow), NDPI_CONFIDENCE_DPI);
ret.proto.master_protocol = ndpi_get_master_proto(ndpi_struct, flow);
ret.proto.app_protocol = proto_id;
ret.category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED;
flow->category = ndpi_get_proto_category(ndpi_struct, ret);
proto.master_protocol = ndpi_get_master_proto(ndpi_struct, flow);
proto.app_protocol = proto_id;
flow->category = get_proto_category(ndpi_struct, proto);
flow->breed = get_proto_breed(ndpi_struct, proto);
ndpi_check_subprotocol_risk(ndpi_struct, flow, proto_id);
ndpi_unset_risk(ndpi_struct, flow, NDPI_NUMERIC_IP_HOST);
@ -1764,11 +1764,11 @@ static int ndpi_search_dtls(struct ndpi_detection_module_struct *ndpi_struct,
/* DTLS mid session: no need to further inspect the flow */
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DTLS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
ndpi_protocol ret;
ret.proto.master_protocol = ndpi_get_master_proto(ndpi_struct, flow);
ret.proto.app_protocol = NDPI_PROTOCOL_UNKNOWN;
ret.category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED;
flow->category = ndpi_get_proto_category(ndpi_struct, ret);
ndpi_master_app_protocol proto;
proto.master_protocol = ndpi_get_master_proto(ndpi_struct, flow);
proto.app_protocol = NDPI_PROTOCOL_UNKNOWN;
flow->category = get_proto_category(ndpi_struct, proto);
flow->breed = get_proto_breed(ndpi_struct, proto);
flow->tls_quic.certificate_processed = 1; /* Fake, to avoid extra dissection */
break;
@ -3332,7 +3332,7 @@ compute_ja4c:
ndpi_compute_ja4(ndpi_struct, flow, quic_version, &ja);
if(ndpi_struct->ja4_custom_protos != NULL) {
u_int16_t proto_id;
u_int32_t proto_id;
/* This protocol has been defined in protos.txt-like files */
if(ndpi_hash_find_entry(ndpi_struct->ja4_custom_protos,

44
tests/cfgs/caches_cfg/result/teams.pcap.out
View file

@ -39,10 +39,10 @@ Spotify 1 82 1
Microsoft365 531 334618 13
Teams 619 233758 19
Safe 782 298577 28
Acceptable 711 377880 53
Fun 1 82 1
Unrated 4 456 1
Safe 163 64819 9
Acceptable 1330 611638 72
Fun 1 82 1
Unspecified 4 456 1
Web 126 55305 7
@ -59,43 +59,43 @@ JA Host Stats:
1 TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 9][cat: Collaborative/15][Breed: Acceptable][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0]
2 TCP 192.168.1.6:60532 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][49 pkts/58592 bytes <-> 28 pkts/6555 bytes][Goodput ratio: 94/72][0.71 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.799 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/29 177/221 32/57][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1196/234 1494/1506 564/435][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 2,2,2,0,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,81,4,0,0]
3 TCP 192.168.1.6:60554 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Safe][24 pkts/2746 bytes <-> 28 pkts/30546 bytes][Goodput ratio: 52/95][0.23 sec][Hostname/SNI: config.teams.microsoft.com][bytes ratio: -0.835 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 21/140 7/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 114/1091 1136/1506 217/607][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Firefox][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,0,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,7,0,0,0,0,0,65,0,0]
3 TCP 192.168.1.6:60554 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][24 pkts/2746 bytes <-> 28 pkts/30546 bytes][Goodput ratio: 52/95][0.23 sec][Hostname/SNI: config.teams.microsoft.com][bytes ratio: -0.835 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 21/140 7/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 114/1091 1136/1506 217/607][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Firefox][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,0,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,7,0,0,0,0,0,65,0,0]
4 TCP 192.168.1.6:60561 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][Breed: Acceptable][23 pkts/19184 bytes <-> 14 pkts/5643 bytes][Goodput ratio: 92/83][0.82 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.545 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/44 161/136 43/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 834/403 1494/1506 690/567][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 4,4,4,0,0,0,9,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,60,9,0,0]
5 TCP 192.168.1.6:60535 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 16][cat: Collaborative/15][Breed: Acceptable][21 pkts/16793 bytes <-> 13 pkts/5565 bytes][Goodput ratio: 92/84][0.33 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.502 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/18 48/49 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 800/428 1494/1506 681/581][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,53,10,0,0]
6 TCP 192.168.1.6:60559 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][21 pkts/15525 bytes <-> 12 pkts/5499 bytes][Goodput ratio: 91/85][0.35 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/21 52/51 22/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 739/458 1494/1506 682/595][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,52,11,0,0]
7 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][Hostname/SNI: presence.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
7 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][Hostname/SNI: presence.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
8 TCP 192.168.1.6:60549 <-> 13.107.18.11:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 21/Outlook][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][Breed: Acceptable][28 pkts/7696 bytes <-> 26 pkts/9797 bytes][Goodput ratio: 80/85][1.16 sec][Hostname/SNI: substrate.office.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/23 539/167 115/43][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 275/377 1494/1506 397/471][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com][Certificate SHA-1: AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2][Validity: 2019-07-12 00:00:00 - 2021-07-12 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,22,7,0,7,0,7,0,0,3,3,0,0,0,3,0,7,0,3,0,10,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
9 TCP 192.168.1.6:60548 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][18 pkts/12047 bytes <-> 11 pkts/5433 bytes][Goodput ratio: 90/86][0.32 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/23 51/51 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 669/494 1494/1506 669/609][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 6,6,6,0,0,0,6,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,44,12,0,0]
10 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 12][cat: Collaborative/15][Breed: Safe][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0]
11 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0]
10 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0]
11 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0]
12 TCP 192.168.1.6:60537 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][16 pkts/8418 bytes <-> 10 pkts/5367 bytes][Goodput ratio: 87/88][0.27 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/27 46/46 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 526/537 1494/1506 639/623][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,7,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,31,15,0,0]
13 TCP 192.168.1.6:60555 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 11][cat: Collaborative/15][Breed: Acceptable][18 pkts/5861 bytes <-> 13 pkts/7901 bytes][Goodput ratio: 80/89][2.79 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: -0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 192/269 2443/2490 625/741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/608 1494/1506 448/617][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Firefox][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,11,0,0,5,0,0,0,5,5,0,0,11,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,22,0,0]
14 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 78/STUN][Stack: STUN][IP: 276/Azure][ClearText][Confidence: Match by port][FPC: 250/Teams, Confidence: DNS][DPI packets: 7][cat: Network/14][Breed: Acceptable][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.927 (Compressed Executable?)][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0]
15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: DNS][DPI packets: 16][cat: Collaborative/15][Breed: Safe][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0]
16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0]
17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][Breed: Safe][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0]
15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: DNS][DPI packets: 16][cat: Collaborative/15][Breed: Acceptable][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0]
16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0]
17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][Breed: Acceptable][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0]
18 TCP 192.168.1.6:60556 <-> 40.126.9.7:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: IP address][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][15 pkts/4178 bytes <-> 12 pkts/7795 bytes][Goodput ratio: 76/90][0.43 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/45 105/135 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 279/650 1494/1506 415/671][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0]
19 TCP 192.168.1.6:60560 <-> 40.126.9.67:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: IP address][DPI packets: 9][cat: Collaborative/15][Breed: Acceptable][14 pkts/4099 bytes <-> 12 pkts/7812 bytes][Goodput ratio: 77/90][0.36 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.312 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/20 107/54 31/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 293/651 1494/1506 427/672][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][ServerNames: login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com][JA3S: 678aeaf909676262acfb913ccb78a126][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=stamp2.login.microsoftonline.com][Certificate SHA-1: 7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63][Safari][Validity: 2018-09-24 21:49:30 - 2020-09-24 21:49:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0]
20 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][Hostname/SNI: northeurope.notifications.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
20 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][Hostname/SNI: northeurope.notifications.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
21 TCP 192.168.1.6:60562 <-> 104.40.187.151:443 [proto: 91/TLS][Stack: TLS][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 16][cat: Web/5][Breed: Safe][19 pkts/3484 bytes <-> 13 pkts/8009 bytes][Goodput ratio: 63/89][0.29 sec][Hostname/SNI: api.microsoftstream.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/12 45/45 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/616 1379/1506 297/613][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,22,0,0,0,5,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,22,0,0]
22 TCP 192.168.1.6:60563 <-> 52.169.186.119:443 [proto: 91/TLS][Stack: TLS][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 16][cat: Web/5][Breed: Safe][17 pkts/3244 bytes <-> 12 pkts/8152 bytes][Goodput ratio: 65/90][0.22 sec][Hostname/SNI: euno-1.api.microsoftstream.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/13 69/48 22/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 191/679 1352/1506 306/618][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,18,18,0,0,0,6,6,0,0,0,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,25,0,0]
23 TCP 192.168.1.6:60552 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][14 pkts/5842 bytes <-> 11 pkts/5445 bytes][Goodput ratio: 84/86][0.66 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/71 143/237 42/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 417/495 1494/1506 527/609][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 8,8,8,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,16,16,0,0]
24 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Safe][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][Hostname/SNI: config.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0]
25 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 12][cat: Collaborative/15][Breed: Safe][13 pkts/3676 bytes <-> 10 pkts/6984 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.310 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 13/15 5/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 283/698 1494/1506 438/666][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,15,0,7,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0]
24 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][Hostname/SNI: config.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0]
25 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][13 pkts/3676 bytes <-> 10 pkts/6984 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.310 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 13/15 5/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 283/698 1494/1506 438/666][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,15,0,7,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0]
26 TCP 192.168.1.6:60568 <-> 40.79.138.41:443 [proto: 91/TLS][Stack: TLS][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 5][cat: Web/5][Breed: Safe][12 pkts/2175 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.18 sec][Hostname/SNI: gate.hockeyapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.581 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/22 37/68 16/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/912 599/1506 178/631][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0]
27 TCP 192.168.1.6:60564 <-> 40.79.138.41:443 [proto: 91/TLS][Stack: TLS][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 5][cat: Web/5][Breed: Safe][12 pkts/2159 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.17 sec][Hostname/SNI: gate.hockeyapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.584 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/20 33/42 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 180/912 599/1506 176/631][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0]
28 TCP 192.168.1.6:60551 <-> 52.114.15.45:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 11][cat: Collaborative/15][Breed: Safe][13 pkts/2426 bytes <-> 11 pkts/7772 bytes][Goodput ratio: 70/92][0.88 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/90 207/235 82/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/707 1393/1506 353/636][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2][Subject: CN=*.trouter.teams.microsoft.com][Certificate SHA-1: DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4][Firefox][Validity: 2019-11-29 17:57:58 - 2021-11-29 17:57:58][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,24,0,7,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,31,0,0]
28 TCP 192.168.1.6:60551 <-> 52.114.15.45:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 11][cat: Collaborative/15][Breed: Acceptable][13 pkts/2426 bytes <-> 11 pkts/7772 bytes][Goodput ratio: 70/92][0.88 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/90 207/235 82/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/707 1393/1506 353/636][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2][Subject: CN=*.trouter.teams.microsoft.com][Certificate SHA-1: DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4][Firefox][Validity: 2019-11-29 17:57:58 - 2021-11-29 17:57:58][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,24,0,7,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,31,0,0]
29 TCP 192.168.1.6:60534 <-> 40.126.9.5:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: IP address][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][15 pkts/2846 bytes <-> 10 pkts/7289 bytes][Goodput ratio: 64/91][0.20 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.438 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/21 41/53 16/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/729 1471/1506 349/665][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 9,9,0,18,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,36,0,0]
30 TCP 162.125.19.131:443 <-> 192.168.1.6:60344 [proto: 91/TLS][Stack: TLS][IP: 121/Dropbox][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][Breed: Safe][8 pkts/761 bytes <-> 8 pkts/9347 bytes][Goodput ratio: 31/94][0.12 sec][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/1 111/4 41/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/1168 299/1494 77/500][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,63,0,0,0]
31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Safe][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.TeamsCall][Stack: STUN.TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][Breed: Acceptable][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Mapped IP/Port: 93.71.110.205:16332][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 13][cat: Collaborative/15][Breed: Safe][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 14][cat: Collaborative/15][Breed: Safe][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 13][cat: Collaborative/15][Breed: Acceptable][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 14][cat: Collaborative/15][Breed: Acceptable][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][Stack: TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][Breed: Safe][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][nDPI Fingerprint: c065e46d9db9a0ceb94dd29c4017c325][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][Stack: TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][Breed: Safe][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][nDPI Fingerprint: c065e46d9db9a0ceb94dd29c4017c325][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.TeamsCall][Stack: STUN.TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][Breed: Acceptable][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][Mapped IP/Port: 93.71.110.205:16333][Peer IP/Port: 18.140.192.228:28678][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

44
tests/cfgs/caches_global/result/teams.pcap.out
View file

@ -40,10 +40,10 @@ Spotify 1 82 1
Microsoft365 531 334618 13
Teams 722 277403 23
Safe 782 298577 28
Acceptable 711 377880 53
Fun 1 82 1
Unrated 4 456 1
Safe 163 64819 9
Acceptable 1330 611638 72
Fun 1 82 1
Unspecified 4 456 1
Web 23 11660 3
@ -60,43 +60,43 @@ JA Host Stats:
1 TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 9][cat: Collaborative/15][Breed: Acceptable][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0]
2 TCP 192.168.1.6:60532 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][49 pkts/58592 bytes <-> 28 pkts/6555 bytes][Goodput ratio: 94/72][0.71 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.799 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/29 177/221 32/57][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1196/234 1494/1506 564/435][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 2,2,2,0,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,81,4,0,0]
3 TCP 192.168.1.6:60554 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Safe][24 pkts/2746 bytes <-> 28 pkts/30546 bytes][Goodput ratio: 52/95][0.23 sec][Hostname/SNI: config.teams.microsoft.com][bytes ratio: -0.835 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 21/140 7/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 114/1091 1136/1506 217/607][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Firefox][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,0,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,7,0,0,0,0,0,65,0,0]
3 TCP 192.168.1.6:60554 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][24 pkts/2746 bytes <-> 28 pkts/30546 bytes][Goodput ratio: 52/95][0.23 sec][Hostname/SNI: config.teams.microsoft.com][bytes ratio: -0.835 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 21/140 7/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 114/1091 1136/1506 217/607][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Firefox][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,0,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,7,0,0,0,0,0,65,0,0]
4 TCP 192.168.1.6:60561 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][Breed: Acceptable][23 pkts/19184 bytes <-> 14 pkts/5643 bytes][Goodput ratio: 92/83][0.82 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.545 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/44 161/136 43/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 834/403 1494/1506 690/567][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 4,4,4,0,0,0,9,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,60,9,0,0]
5 TCP 192.168.1.6:60535 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 16][cat: Collaborative/15][Breed: Acceptable][21 pkts/16793 bytes <-> 13 pkts/5565 bytes][Goodput ratio: 92/84][0.33 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.502 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/18 48/49 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 800/428 1494/1506 681/581][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,53,10,0,0]
6 TCP 192.168.1.6:60559 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][21 pkts/15525 bytes <-> 12 pkts/5499 bytes][Goodput ratio: 91/85][0.35 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/21 52/51 22/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 739/458 1494/1506 682/595][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,52,11,0,0]
7 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][Hostname/SNI: presence.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
7 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][Hostname/SNI: presence.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
8 TCP 192.168.1.6:60549 <-> 13.107.18.11:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 21/Outlook][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][Breed: Acceptable][28 pkts/7696 bytes <-> 26 pkts/9797 bytes][Goodput ratio: 80/85][1.16 sec][Hostname/SNI: substrate.office.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/23 539/167 115/43][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 275/377 1494/1506 397/471][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com][Certificate SHA-1: AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2][Validity: 2019-07-12 00:00:00 - 2021-07-12 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,22,7,0,7,0,7,0,0,3,3,0,0,0,3,0,7,0,3,0,10,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
9 TCP 192.168.1.6:60548 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][18 pkts/12047 bytes <-> 11 pkts/5433 bytes][Goodput ratio: 90/86][0.32 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/23 51/51 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 669/494 1494/1506 669/609][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 6,6,6,0,0,0,6,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,44,12,0,0]
10 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 12][cat: Collaborative/15][Breed: Safe][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0]
11 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0]
10 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0]
11 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0]
12 TCP 192.168.1.6:60537 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][16 pkts/8418 bytes <-> 10 pkts/5367 bytes][Goodput ratio: 87/88][0.27 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/27 46/46 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 526/537 1494/1506 639/623][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,7,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,31,15,0,0]
13 TCP 192.168.1.6:60555 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 11][cat: Collaborative/15][Breed: Acceptable][18 pkts/5861 bytes <-> 13 pkts/7901 bytes][Goodput ratio: 80/89][2.79 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: -0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 192/269 2443/2490 625/741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/608 1494/1506 448/617][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Firefox][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,11,0,0,5,0,0,0,5,5,0,0,11,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,22,0,0]
14 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 78/STUN][Stack: STUN][IP: 276/Azure][ClearText][Confidence: Match by port][FPC: 250/Teams, Confidence: DNS][DPI packets: 7][cat: Network/14][Breed: Acceptable][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.927 (Compressed Executable?)][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0]
15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: DNS][DPI packets: 16][cat: Collaborative/15][Breed: Safe][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0]
16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0]
17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][Breed: Safe][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0]
15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: DNS][DPI packets: 16][cat: Collaborative/15][Breed: Acceptable][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0]
16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0]
17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][Breed: Acceptable][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0]
18 TCP 192.168.1.6:60556 <-> 40.126.9.7:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: IP address][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][15 pkts/4178 bytes <-> 12 pkts/7795 bytes][Goodput ratio: 76/90][0.43 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/45 105/135 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 279/650 1494/1506 415/671][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0]
19 TCP 192.168.1.6:60560 <-> 40.126.9.67:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: IP address][DPI packets: 9][cat: Collaborative/15][Breed: Acceptable][14 pkts/4099 bytes <-> 12 pkts/7812 bytes][Goodput ratio: 77/90][0.36 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.312 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/20 107/54 31/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 293/651 1494/1506 427/672][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][ServerNames: login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com][JA3S: 678aeaf909676262acfb913ccb78a126][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=stamp2.login.microsoftonline.com][Certificate SHA-1: 7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63][Safari][Validity: 2018-09-24 21:49:30 - 2020-09-24 21:49:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0]
20 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][Hostname/SNI: northeurope.notifications.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
20 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][Hostname/SNI: northeurope.notifications.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
21 TCP 192.168.1.6:60562 <-> 104.40.187.151:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 276/Azure, Confidence: IP address][DPI packets: 16][cat: Collaborative/15][Breed: Safe][19 pkts/3484 bytes <-> 13 pkts/8009 bytes][Goodput ratio: 63/89][0.29 sec][Hostname/SNI: api.microsoftstream.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/12 45/45 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/616 1379/1506 297/613][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,22,0,0,0,5,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,22,0,0]
22 TCP 192.168.1.6:60563 <-> 52.169.186.119:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 276/Azure, Confidence: IP address][DPI packets: 16][cat: Collaborative/15][Breed: Safe][17 pkts/3244 bytes <-> 12 pkts/8152 bytes][Goodput ratio: 65/90][0.22 sec][Hostname/SNI: euno-1.api.microsoftstream.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/13 69/48 22/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 191/679 1352/1506 306/618][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,18,18,0,0,0,6,6,0,0,0,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,25,0,0]
23 TCP 192.168.1.6:60552 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][14 pkts/5842 bytes <-> 11 pkts/5445 bytes][Goodput ratio: 84/86][0.66 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/71 143/237 42/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 417/495 1494/1506 527/609][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 8,8,8,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,16,16,0,0]
24 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Safe][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][Hostname/SNI: config.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0]
25 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 12][cat: Collaborative/15][Breed: Safe][13 pkts/3676 bytes <-> 10 pkts/6984 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.310 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 13/15 5/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 283/698 1494/1506 438/666][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,15,0,7,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0]
24 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][Hostname/SNI: config.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0]
25 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][13 pkts/3676 bytes <-> 10 pkts/6984 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.310 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 13/15 5/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 283/698 1494/1506 438/666][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,15,0,7,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0]
26 TCP 192.168.1.6:60568 <-> 40.79.138.41:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][12 pkts/2175 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.18 sec][Hostname/SNI: gate.hockeyapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.581 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/22 37/68 16/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/912 599/1506 178/631][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0]
27 TCP 192.168.1.6:60564 <-> 40.79.138.41:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][12 pkts/2159 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.17 sec][Hostname/SNI: gate.hockeyapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.584 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/20 33/42 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 180/912 599/1506 176/631][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0]
28 TCP 192.168.1.6:60551 <-> 52.114.15.45:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 11][cat: Collaborative/15][Breed: Safe][13 pkts/2426 bytes <-> 11 pkts/7772 bytes][Goodput ratio: 70/92][0.88 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/90 207/235 82/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/707 1393/1506 353/636][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2][Subject: CN=*.trouter.teams.microsoft.com][Certificate SHA-1: DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4][Firefox][Validity: 2019-11-29 17:57:58 - 2021-11-29 17:57:58][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,24,0,7,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,31,0,0]
28 TCP 192.168.1.6:60551 <-> 52.114.15.45:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 11][cat: Collaborative/15][Breed: Acceptable][13 pkts/2426 bytes <-> 11 pkts/7772 bytes][Goodput ratio: 70/92][0.88 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/90 207/235 82/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/707 1393/1506 353/636][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2][Subject: CN=*.trouter.teams.microsoft.com][Certificate SHA-1: DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4][Firefox][Validity: 2019-11-29 17:57:58 - 2021-11-29 17:57:58][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,24,0,7,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,31,0,0]
29 TCP 192.168.1.6:60534 <-> 40.126.9.5:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: IP address][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][15 pkts/2846 bytes <-> 10 pkts/7289 bytes][Goodput ratio: 64/91][0.20 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.438 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/21 41/53 16/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/729 1471/1506 349/665][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 9,9,0,18,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,36,0,0]
30 TCP 162.125.19.131:443 <-> 192.168.1.6:60344 [proto: 91/TLS][Stack: TLS][IP: 121/Dropbox][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][Breed: Safe][8 pkts/761 bytes <-> 8 pkts/9347 bytes][Goodput ratio: 31/94][0.12 sec][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/1 111/4 41/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/1168 299/1494 77/500][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,63,0,0,0]
31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Safe][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.TeamsCall][Stack: STUN.TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][Breed: Acceptable][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Mapped IP/Port: 93.71.110.205:16332][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 13][cat: Collaborative/15][Breed: Safe][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 14][cat: Collaborative/15][Breed: Safe][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 13][cat: Collaborative/15][Breed: Acceptable][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 14][cat: Collaborative/15][Breed: Acceptable][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][Stack: TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][Breed: Safe][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][nDPI Fingerprint: c065e46d9db9a0ceb94dd29c4017c325][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][Stack: TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][Breed: Safe][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][nDPI Fingerprint: c065e46d9db9a0ceb94dd29c4017c325][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.TeamsCall][Stack: STUN.TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][Breed: Acceptable][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][Mapped IP/Port: 93.71.110.205:16333][Peer IP/Port: 18.140.192.228:28678][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

4
tests/cfgs/classification_only/result/http-pwd.pcapng.out
View file

@ -24,6 +24,6 @@ ntop 14 1805 1
Safe 14 1805 1
Web 14 1805 1
Network 14 1805 1
1 TCP 127.0.0.1:56451 <-> 127.0.0.1:3000 [proto: 7.26/HTTP.ntop][Stack: HTTP.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Safe][7 pkts/1151 bytes <-> 7 pkts/654 bytes][Goodput ratio: 65/38][0.00 sec][Hostname/SNI: localhost][bytes ratio: 0.275 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/4 1/1 4/4 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 164/93 747/306 239/87][URL: localhost:3000/authorize.html][StatusCode: 302][Server: ntopng 6.3.241001 (arm64)][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15][PLAIN TEXT (XPOST /authorize.html HTTP/1.1)][Plen Bins: 0,33,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 TCP 127.0.0.1:56451 <-> 127.0.0.1:3000 [proto: 7.26/HTTP.ntop][Stack: HTTP.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Network/14][Breed: Safe][7 pkts/1151 bytes <-> 7 pkts/654 bytes][Goodput ratio: 65/38][0.00 sec][Hostname/SNI: localhost][bytes ratio: 0.275 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/4 1/1 4/4 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 164/93 747/306 239/87][URL: localhost:3000/authorize.html][StatusCode: 302][Server: ntopng 6.3.241001 (arm64)][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15][PLAIN TEXT (XPOST /authorize.html HTTP/1.1)][Plen Bins: 0,33,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

2
tests/cfgs/classification_only/result/sip.pcap.out
View file

@ -25,8 +25,8 @@ Unknown 1 146 1
RTP 9 1926 1
SIP 102 47087 2
Acceptable 111 49013 3
Unrated 1 146 1
Acceptable 111 49013 3
Unspecified 1 146 1
Media 9 1926 1

40
tests/cfgs/classification_only/result/teams.pcap.out
View file

@ -40,10 +40,10 @@ Spotify 1 82 1
Microsoft365 531 334618 13
Teams 722 277403 23
Safe 782 298577 28
Acceptable 711 377880 53
Fun 1 82 1
Unrated 4 456 1
Safe 218 82167 11
Acceptable 1275 594290 70
Fun 1 82 1
Unspecified 4 456 1
Web 23 11660 3
@ -55,42 +55,42 @@ Music 1 82 1
1 TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0]
2 TCP 192.168.1.6:60532 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][49 pkts/58592 bytes <-> 28 pkts/6555 bytes][Goodput ratio: 94/72][0.71 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.799 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/29 177/221 32/57][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1196/234 1494/1506 564/435][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 2,2,2,0,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,81,4,0,0]
3 TCP 192.168.1.6:60554 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][24 pkts/2746 bytes <-> 28 pkts/30546 bytes][Goodput ratio: 52/95][0.23 sec][Hostname/SNI: config.teams.microsoft.com][bytes ratio: -0.835 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 21/140 7/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 114/1091 1136/1506 217/607][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,7,0,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,7,0,0,0,0,0,65,0,0]
3 TCP 192.168.1.6:60554 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][24 pkts/2746 bytes <-> 28 pkts/30546 bytes][Goodput ratio: 52/95][0.23 sec][Hostname/SNI: config.teams.microsoft.com][bytes ratio: -0.835 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 21/140 7/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 114/1091 1136/1506 217/607][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,7,0,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,7,0,0,0,0,0,65,0,0]
4 TCP 192.168.1.6:60561 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][23 pkts/19184 bytes <-> 14 pkts/5643 bytes][Goodput ratio: 92/83][0.82 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.545 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/44 161/136 43/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 834/403 1494/1506 690/567][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 4,4,4,0,0,0,9,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,60,9,0,0]
5 TCP 192.168.1.6:60535 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][21 pkts/16793 bytes <-> 13 pkts/5565 bytes][Goodput ratio: 92/84][0.33 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.502 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/18 48/49 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 800/428 1494/1506 681/581][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,53,10,0,0]
6 TCP 192.168.1.6:60559 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][21 pkts/15525 bytes <-> 12 pkts/5499 bytes][Goodput ratio: 91/85][0.35 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/21 52/51 22/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 739/458 1494/1506 682/595][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,52,11,0,0]
7 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][Hostname/SNI: presence.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
7 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][Hostname/SNI: presence.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
8 TCP 192.168.1.6:60549 <-> 13.107.18.11:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 21/Outlook][Encrypted][Confidence: DPI][FPC: 21/Outlook, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][28 pkts/7696 bytes <-> 26 pkts/9797 bytes][Goodput ratio: 80/85][1.16 sec][Hostname/SNI: substrate.office.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/23 539/167 115/43][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 275/377 1494/1506 397/471][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,22,7,0,7,0,7,0,0,3,3,0,0,0,3,0,7,0,3,0,10,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
9 TCP 192.168.1.6:60548 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][18 pkts/12047 bytes <-> 11 pkts/5433 bytes][Goodput ratio: 90/86][0.32 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/23 51/51 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 669/494 1494/1506 669/609][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 6,6,6,0,0,0,6,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,44,12,0,0]
10 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0]
11 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0]
10 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0]
11 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0]
12 TCP 192.168.1.6:60537 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][16 pkts/8418 bytes <-> 10 pkts/5367 bytes][Goodput ratio: 87/88][0.27 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/27 46/46 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 526/537 1494/1506 639/623][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 7,7,7,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,31,15,0,0]
13 TCP 192.168.1.6:60555 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][18 pkts/5861 bytes <-> 13 pkts/7901 bytes][Goodput ratio: 80/89][2.79 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: -0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 192/269 2443/2490 625/741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/608 1494/1506 448/617][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,16,11,0,0,5,0,0,0,5,5,0,0,11,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,22,0,0]
14 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 78/STUN][Stack: STUN][IP: 276/Azure][ClearText][Confidence: Match by port][FPC: 276/Azure, Confidence: IP address][DPI packets: 7][cat: Network/14][Breed: Acceptable][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0]
15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0]
16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0]
17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0]
15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0]
16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0]
17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0]
18 TCP 192.168.1.6:60556 <-> 40.126.9.7:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][15 pkts/4178 bytes <-> 12 pkts/7795 bytes][Goodput ratio: 76/90][0.43 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/45 105/135 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 279/650 1494/1506 415/671][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0]
19 TCP 192.168.1.6:60560 <-> 40.126.9.67:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][14 pkts/4099 bytes <-> 12 pkts/7812 bytes][Goodput ratio: 77/90][0.36 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.312 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/20 107/54 31/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 293/651 1494/1506 427/672][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0]
20 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][Hostname/SNI: northeurope.notifications.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
20 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][Hostname/SNI: northeurope.notifications.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
21 TCP 192.168.1.6:60562 <-> 104.40.187.151:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][19 pkts/3484 bytes <-> 13 pkts/8009 bytes][Goodput ratio: 63/89][0.29 sec][Hostname/SNI: api.microsoftstream.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/12 45/45 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/616 1379/1506 297/613][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,22,22,0,0,0,5,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,22,0,0]
22 TCP 192.168.1.6:60563 <-> 52.169.186.119:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][17 pkts/3244 bytes <-> 12 pkts/8152 bytes][Goodput ratio: 65/90][0.22 sec][Hostname/SNI: euno-1.api.microsoftstream.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/13 69/48 22/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 191/679 1352/1506 306/618][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,18,18,0,0,0,6,6,0,0,0,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,25,0,0]
23 TCP 192.168.1.6:60552 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][14 pkts/5842 bytes <-> 11 pkts/5445 bytes][Goodput ratio: 84/86][0.66 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/71 143/237 42/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 417/495 1494/1506 527/609][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 8,8,8,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,16,16,0,0]
24 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][Hostname/SNI: config.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0]
25 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][13 pkts/3676 bytes <-> 10 pkts/6984 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.310 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 13/15 5/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 283/698 1494/1506 438/666][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,7,15,0,7,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0]
24 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][Hostname/SNI: config.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0]
25 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][13 pkts/3676 bytes <-> 10 pkts/6984 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.310 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 13/15 5/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 283/698 1494/1506 438/666][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,7,15,0,7,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0]
26 TCP 192.168.1.6:60568 <-> 40.79.138.41:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][12 pkts/2175 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.18 sec][Hostname/SNI: gate.hockeyapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.581 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/22 37/68 16/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/912 599/1506 178/631][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0]
27 TCP 192.168.1.6:60564 <-> 40.79.138.41:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][12 pkts/2159 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.17 sec][Hostname/SNI: gate.hockeyapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.584 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/20 33/42 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 180/912 599/1506 176/631][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0]
28 TCP 192.168.1.6:60551 <-> 52.114.15.45:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][13 pkts/2426 bytes <-> 11 pkts/7772 bytes][Goodput ratio: 70/92][0.88 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/90 207/235 82/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/707 1393/1506 353/636][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,24,0,7,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,31,0,0]
28 TCP 192.168.1.6:60551 <-> 52.114.15.45:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][13 pkts/2426 bytes <-> 11 pkts/7772 bytes][Goodput ratio: 70/92][0.88 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/90 207/235 82/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/707 1393/1506 353/636][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,24,0,7,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,31,0,0]
29 TCP 192.168.1.6:60534 <-> 40.126.9.5:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][15 pkts/2846 bytes <-> 10 pkts/7289 bytes][Goodput ratio: 64/91][0.20 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.438 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/21 41/53 16/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/729 1471/1506 349/665][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 9,9,0,18,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,36,0,0]
30 TCP 162.125.19.131:443 <-> 192.168.1.6:60344 [proto: 91/TLS][Stack: TLS][IP: 121/Dropbox][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][Breed: Safe][8 pkts/761 bytes <-> 8 pkts/9347 bytes][Goodput ratio: 31/94][0.12 sec][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/1 111/4 41/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/1168 299/1494 77/500][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,63,0,0,0]
31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.TeamsCall][Stack: STUN.TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 1][cat: VoIP/10][Breed: Acceptable][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 276/Azure, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Safe][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][Stack: TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 4][cat: Network/14][Breed: Safe][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][Stack: TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 4][cat: Network/14][Breed: Safe][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][TLSv1.2][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]

15
tests/cfgs/default/result/1kxun.pcap.out
View file

@ -46,11 +46,12 @@ MpegDash 1 299 1
Line 28 18656 2
Mikrotik 5 864 5
Safe 126 30113 10
Acceptable 640 515748 128
Fun 933 1975152 48
Dangerous 5 1197 2
Unrated 19 5564 9
Safe 126 30113 10
Acceptable 614 462930 125
Fun 935 1977419 49
Dangerous 5 1197 2
Tracker_Ads 24 50551 2
Unspecified 19 5564 9
Media 13 4318 2
@ -92,10 +93,10 @@ JA Host Stats:
22 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Goodput ratio: 37/95][0.42 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.892 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/8 194/109 46/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/1208 411/1314 102/329][URL: jp.kankan.1kxun.mobi/api/movies/mp4script/10410?definition=true][StatusCode: 200][Content-Type: text/xml][Server: openresty/1.9.7.1][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/movies/mp4)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,89,0,0,0,0,0,0,0,0]
23 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Goodput ratio: 45/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.897 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/6 66/65 23/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/1096 415/1314 119/461][URL: pic.1kxun.com/video_kankan/images/videos/13480-alps.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /video)][Plen Bins: 7,3,0,0,0,0,0,0,0,3,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,79,0,0,0,0,0,0,0,0]
24 TCP 192.168.2.126:44368 <-> 172.217.18.98:80 [proto: 7.239/HTTP.GoogleServices][Stack: HTTP.GoogleServices][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.239/HTTP.GoogleServices, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/489 bytes <-> 16 pkts/29841 bytes][Goodput ratio: 86/96][0.06 sec][Hostname/SNI: www.googletagservices.com][bytes ratio: -0.968 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/22 0/6][Pkt Len c2s/s2c min/avg/max/stddev: 489/491 489/1865 489/2902 0/738][URL: www.googletagservices.com/tag/js/gpt.js][StatusCode: 200][Content-Type: text/javascript][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /tag/js/gpt.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,0,0,29]
25 TCP 192.168.2.126:38354 <-> 142.250.186.34:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 9][cat: Advertisement/101][Breed: Acceptable][1 pkts/586 bytes <-> 12 pkts/28355 bytes][Goodput ratio: 89/97][0.08 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/23 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 586/687 586/2363 586/2902 0/788][URL: pagead2.googlesyndication.com/pagead/show_ads.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /pagead/show)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,62]
25 TCP 192.168.2.126:38354 <-> 142.250.186.34:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 9][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/586 bytes <-> 12 pkts/28355 bytes][Goodput ratio: 89/97][0.08 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/23 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 586/687 586/2363 586/2902 0/788][URL: pagead2.googlesyndication.com/pagead/show_ads.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /pagead/show)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,62]
26 TCP 192.168.2.126:35664 <-> 18.66.2.90:80 [proto: 7/HTTP][Stack: HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/249 bytes <-> 9 pkts/27029 bytes][Goodput ratio: 73/98][0.02 sec][Hostname/SNI: cdn.liftoff.io][bytes ratio: -0.982 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 249/797 249/3003 249/4350 0/1362][URL: cdn.liftoff.io/customers/45d4b09eba/image/lambda_jpg_89/398101234e6cf5b3a8d8.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,60]
27 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Goodput ratio: 52/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.891 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5632/4 45001/65 14880/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/1099 415/1314 134/455][URL: pic.1kxun.com/video_kankan/images/videos/16649-ljdz.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /video)][Plen Bins: 8,0,0,0,0,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,75,0,0,0,0,0,0,0,0]
28 TCP 192.168.2.126:36732 <-> 142.250.186.174:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Advertisement/101][Breed: Acceptable][1 pkts/487 bytes <-> 10 pkts/21123 bytes][Goodput ratio: 86/97][0.05 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.955 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/21 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 487/677 487/2112 487/2902 0/822][URL: www.google-analytics.com/analytics.js][StatusCode: 200][Content-Type: text/javascript][Server: Golfe2][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /analytics.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,45]
28 TCP 192.168.2.126:36732 <-> 142.250.186.174:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/487 bytes <-> 10 pkts/21123 bytes][Goodput ratio: 86/97][0.05 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.955 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/21 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 487/677 487/2112 487/2902 0/822][URL: www.google-analytics.com/analytics.js][StatusCode: 200][Content-Type: text/javascript][Server: Golfe2][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /analytics.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,45]
29 TCP 192.168.2.126:45388 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][2 pkts/1315 bytes <-> 8 pkts/18984 bytes][Goodput ratio: 90/97][4.33 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.870 (Download)][IAT c2s/s2c min/avg/max/stddev: 3965/0 3965/593 3965/3966 0/1379][Pkt Len c2s/s2c min/avg/max/stddev: 509/1287 658/2373 806/8258 148/2234][URL: mangaweb.1kxun.mobi/js/swiper/swiper.min.css][StatusCode: 200][Content-Type: text/css][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/swiper/swiper.min.css H)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,40,0,20]
30 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 9][cat: Web/5][Breed: Acceptable][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Goodput ratio: 77/90][1.19 sec][Hostname/SNI: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/52 298/178 81/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 236/539 499/1314 193/556][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 42.120.51.152 / Expected on port 80][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (POST /api/proxy)][Plen Bins: 11,0,0,0,0,0,0,22,0,0,0,0,0,33,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0]
31 TCP 192.168.2.126:37100 <-> 52.29.177.177:80 [proto: 7/HTTP][Stack: HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 4][cat: Web/5][Breed: Acceptable][12 pkts/8973 bytes <-> 4 pkts/687 bytes][Goodput ratio: 91/61][7.04 sec][Hostname/SNI: adx-tk.rayjump.com][bytes ratio: 0.858 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/185 697/1192 4610/2198 1454/1006][Pkt Len c2s/s2c min/avg/max/stddev: 86/169 748/172 1506/180 594/5][StatusCode: 204][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /track)][Plen Bins: 25,0,0,25,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
@ -132,7 +133,7 @@ JA Host Stats:
62 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Goodput ratio: 60/75][45.21 sec][Hostname/SNI: kankan.1kxun.com][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 5643/40 44798/70 14800/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/245 474/788 167/314][URL: kankan.1kxun.com/api/videos/alsolikes/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.3.2][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/videos/alsolikes/10410)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
63 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Goodput ratio: 60/73][0.23 sec][Hostname/SNI: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/42 74/83 34/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 143/217 486/687 172/271][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 302][Server: httpserver][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 183.131.48.145 / Empty or missing User-Agent][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
64 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][13 pkts/2275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][59.19 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 5110/0 15056/0 4451/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
65 TCP 192.168.2.126:45424 <-> 161.117.13.29:80 [proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Acceptable][1 pkts/480 bytes <-> 1 pkts/1787 bytes][Goodput ratio: 86/96][0.19 sec][Hostname/SNI: tcad.wedolook.com][URL: tcad.wedolook.com/js/websdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/websdk.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
65 TCP 192.168.2.126:45424 <-> 161.117.13.29:80 [proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][1 pkts/480 bytes <-> 1 pkts/1787 bytes][Goodput ratio: 86/96][0.19 sec][Hostname/SNI: tcad.wedolook.com][URL: tcad.wedolook.com/js/websdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/websdk.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
66 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 4198/0 14952/0 3585/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
67 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4680/0 19869/0 5063/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
68 TCP 192.168.2.126:50148 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][1 pkts/1180 bytes <-> 1 pkts/832 bytes][Goodput ratio: 94/92][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/like_1.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]

5
tests/cfgs/default/result/alexa-app.pcapng.out
View file

@ -40,8 +40,9 @@ PlayStore 19 7852 1
GoogleServices 17 2587 1
AmazonAWS 373 141134 14
Safe 155 29189 13
Safe 136 23093 12
Acceptable 2919 1140556 147
Tracker_Ads 19 6096 1
Web 1530 685327 56
Cloud 373 141134 14
@ -125,7 +126,7 @@ JA Host Stats:
67 TCP 172.16.42.216:45694 <-> 52.94.232.134:443 [proto: 91.110/TLS.AmazonAlexa][Stack: TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 7][cat: VirtAssistant/32][Breed: Acceptable][11 pkts/1845 bytes <-> 9 pkts/4385 bytes][Goodput ratio: 67/88][4.64 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 515/26 4284/78 1333/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 168/487 752/1514 212/577][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,0,0,12,0,0,0,25,0,0,0,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
68 TCP 172.16.42.216:34053 <-> 54.239.24.186:443 [proto: 91.265/TLS.AmazonAWS][Stack: TLS.AmazonAWS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: DNS][DPI packets: 7][cat: Cloud/13][Breed: Acceptable][11 pkts/4927 bytes <-> 9 pkts/1231 bytes][Goodput ratio: 88/57][2.15 sec][Hostname/SNI: mobileanalytics.us-east-1.amazonaws.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.600 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 236/131 950/512 322/198][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 448/137 1514/449 584/126][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,25,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,12,0,12,0,0]
69 TCP 172.16.42.216:50800 <-> 54.239.28.178:443 [proto: 91.110/TLS.AmazonAlexa][Stack: TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 7][cat: VirtAssistant/32][Breed: Acceptable][9 pkts/1769 bytes <-> 8 pkts/4341 bytes][Goodput ratio: 71/90][0.63 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.421 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 89/41 233/155 85/58][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 197/543 784/1514 236/591][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][ServerNames: pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn][JA3S: 18e962e106761869a61045bed0e81c2c][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com][Certificate SHA-1: 13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24][Validity: 2017-01-12 00:00:00 - 2018-01-13 23:59:59][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,12,0,0,0,0,12,0,0,0,25,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
70 TCP 172.16.42.216:33556 <-> 52.94.232.0:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 9][cat: Advertisement/101][Breed: Safe][10 pkts/1505 bytes <-> 9 pkts/4591 bytes][Goodput ratio: 63/89][141.56 sec][Hostname/SNI: mads.amazon-adsystem.com][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 76/52 174/172 68/74][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 150/510 642/1514 180/582][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 77fcb32cd3006fc460171e2e171695f7][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d220500_5fd681855ab9_c70a3c84db07][ServerNames: mads.amazon-adsystem.com,mads.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com][Certificate SHA-1: E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB][Firefox][Validity: 2016-09-23 00:00:00 - 2017-10-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,12,0,0,0,12,0,0,0,0,12,0,0,0,0,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
70 TCP 172.16.42.216:33556 <-> 52.94.232.0:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 9][cat: Advertisement/101][Breed: Tracker_Ads][10 pkts/1505 bytes <-> 9 pkts/4591 bytes][Goodput ratio: 63/89][141.56 sec][Hostname/SNI: mads.amazon-adsystem.com][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 76/52 174/172 68/74][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 150/510 642/1514 180/582][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 77fcb32cd3006fc460171e2e171695f7][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d220500_5fd681855ab9_c70a3c84db07][ServerNames: mads.amazon-adsystem.com,mads.amazon.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com][Certificate SHA-1: E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB][Firefox][Validity: 2016-09-23 00:00:00 - 2017-10-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,12,0,0,0,12,0,0,0,0,12,0,0,0,0,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
71 TCP 172.16.42.216:45695 <-> 52.94.232.134:443 [proto: 91.110/TLS.AmazonAlexa][Stack: TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 5][cat: VirtAssistant/32][Breed: Acceptable][13 pkts/4352 bytes <-> 10 pkts/1702 bytes][Goodput ratio: 83/66][4.61 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.438 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/36 165/70 55/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 335/170 1514/555 510/190][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,20,10,0,0,0,20,10,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
72 TCP 172.16.42.216:45688 <-> 52.94.232.134:443 [proto: 91.110/TLS.AmazonAlexa][Stack: TLS.AmazonAlexa][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 110/AmazonAlexa, Confidence: DNS][DPI packets: 5][cat: VirtAssistant/32][Breed: Acceptable][12 pkts/4484 bytes <-> 8 pkts/1439 bytes][Goodput ratio: 85/68][0.83 sec][Hostname/SNI: pitangui.amazon.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: 0.514 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 82/34 462/65 131/27][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 374/180 1514/891 537/270][Risk: ** Weak TLS Cipher **][Risk Score: 100][Risk Info: Cipher TLS_RSA_WITH_AES_128_CBC_SHA][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: 18e962e106761869a61045bed0e81c2c][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA][Plen Bins: 0,25,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
73 TCP 172.16.42.216:42144 <-> 72.21.206.135:443 [proto: 91.178/TLS.Amazon][Stack: TLS.Amazon][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 178/Amazon, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Acceptable][12 pkts/4652 bytes <-> 11 pkts/1197 bytes][Goodput ratio: 86/46][1.06 sec][Hostname/SNI: fls-na.amazon.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.591 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 40/17 110/64 38/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 388/109 1514/445 525/115][nDPI Fingerprint: 6e2bfb70839a1a0ac4ec7899bfb1336f][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1510h2_f0daf39aad75_e69ac49eb88f][JA3S: d199ba0af2b08e204c73d6d81a1fd260][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,12,0,0,12,0,0,12,12,0,0,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]

16
tests/cfgs/default/result/android.pcap.out
View file

@ -44,8 +44,8 @@ PlayStore 79 29045 4
GoogleServices 10 3144 2
Safe 115 33651 10
Acceptable 258 73115 46
Fun 102 25188 7
Acceptable 357 98045 52
Fun 3 258 1
Web 276 77333 21
Cloud 3 1656 1
@ -64,7 +64,7 @@ JA Host Stats:
2 TCP 192.168.2.16:33002 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][15 pkts/2371 bytes <-> 15 pkts/6005 bytes][Goodput ratio: 58/83][0.35 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.434 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/10 184/48 49/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 158/400 670/1484 186/477][nDPI Fingerprint: 56e60ca6e7eba86c5834d09a8476ade0][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA4: t13d1615h2_46e7e9700bed_45f260be83e2][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,18,18,0,0,0,11,0,5,0,0,0,0,0,0,0,5,0,11,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0]
3 TCP 192.168.2.16:32990 <-> 216.239.38.120:443 [proto: 91.228/TLS.PlayStore][Stack: TLS.PlayStore][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 228/PlayStore, Confidence: DNS][DPI packets: 6][cat: SoftwareUpdate/19][Breed: Safe][11 pkts/2272 bytes <-> 10 pkts/5932 bytes][Goodput ratio: 68/89][0.35 sec][Hostname/SNI: android.clients.google.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.446 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 44/23 128/77 45/30][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 207/593 1023/1484 297/582][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: f9cc85d1c8df319130215bb6886d12d4][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA4: t13d171100_5b57614c22b0_3f5d972527c0][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,0,11,0,0,0,0,0,0,0,0,0,0,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,11,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0]
4 TCP 192.168.2.16:32986 <-> 216.239.38.120:443 [proto: 91.228/TLS.PlayStore][Stack: TLS.PlayStore][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 228/PlayStore, Confidence: DNS][DPI packets: 6][cat: SoftwareUpdate/19][Breed: Safe][11 pkts/2233 bytes <-> 10 pkts/5793 bytes][Goodput ratio: 67/88][0.49 sec][Hostname/SNI: android.clients.google.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.444 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 60/39 185/181 63/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 203/579 984/1484 287/585][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: f9cc85d1c8df319130215bb6886d12d4][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA4: t13d171100_5b57614c22b0_3f5d972527c0][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,0,11,0,0,0,0,0,11,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,11,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0]
5 TCP 192.168.2.16:51928 <-> 172.217.21.202:443 [proto: 91.46/TLS.DataSaver][Stack: TLS.DataSaver][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 46/DataSaver, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Fun][14 pkts/2051 bytes <-> 13 pkts/5408 bytes][Goodput ratio: 55/84][0.35 sec][Hostname/SNI: datasaver.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/14 132/77 37/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 146/416 583/1484 145/494][nDPI Fingerprint: 56e60ca6e7eba86c5834d09a8476ade0][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA4: t13d1615h2_46e7e9700bed_45f260be83e2][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 13,13,21,0,0,0,0,6,0,6,6,0,0,0,0,6,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0]
5 TCP 192.168.2.16:51928 <-> 172.217.21.202:443 [proto: 91.46/TLS.DataSaver][Stack: TLS.DataSaver][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 46/DataSaver, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][14 pkts/2051 bytes <-> 13 pkts/5408 bytes][Goodput ratio: 55/84][0.35 sec][Hostname/SNI: datasaver.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/14 132/77 37/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 146/416 583/1484 145/494][nDPI Fingerprint: 56e60ca6e7eba86c5834d09a8476ade0][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA4: t13d1615h2_46e7e9700bed_45f260be83e2][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 13,13,21,0,0,0,0,6,0,6,6,0,0,0,0,6,6,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0]
6 TCP 192.168.2.16:32974 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Acceptable][13 pkts/1439 bytes <-> 10 pkts/5592 bytes][Goodput ratio: 40/88][0.52 sec][Hostname/SNI: clients1.google.com][bytes ratio: -0.591 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 48/34 202/137 60/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 111/559 380/1484 92/576][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: afee519375a83ac5599c34de5758a898][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d140700_c866b44c5a26_036209cd1ead][ServerNames: *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be][JA3S: b31c0b82752ea0e2c48b8ce46e9263e5][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com][Certificate SHA-1: 80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42][Safari][Validity: 2020-02-12 11:47:11 - 2020-05-06 11:47:11][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,11,0,0,11,11,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0]
7 TCP 192.168.2.16:50384 <-> 172.217.168.206:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Acceptable][11 pkts/1365 bytes <-> 9 pkts/5365 bytes][Goodput ratio: 45/89][2.49 sec][Hostname/SNI: app-measurement.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.594 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 277/69 1716/301 516/102][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 124/596 407/1484 105/544][nDPI Fingerprint: e975843b4ad91c1019e670cc58aaa6a7][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1409h1_c866b44c5a26_b39be8c56a14][ServerNames: *.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com][JA3S: 9d9ce860f1b1cbef07b019450cb368d8][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com][Certificate SHA-1: B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01][Safari][Validity: 2020-02-12 11:37:03 - 2020-05-06 11:37:03][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,11,0,0,11,0,0,0,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0]
8 TCP 192.168.2.16:52486 <-> 172.217.20.74:443 [proto: 91.228/TLS.PlayStore][Stack: TLS.PlayStore][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 228/PlayStore, Confidence: DNS][DPI packets: 8][cat: SoftwareUpdate/19][Breed: Safe][12 pkts/1298 bytes <-> 10 pkts/5186 bytes][Goodput ratio: 38/87][1.75 sec][Hostname/SNI: play.googleapis.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.600 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 194/37 1374/212 422/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/519 286/1484 76/570][nDPI Fingerprint: e975843b4ad91c1019e670cc58aaa6a7][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1409h1_c866b44c5a26_b39be8c56a14][ServerNames: *.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news][JA3S: eca9b8f0f3eae50309eaf901cb822d9b][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com][Certificate SHA-1: BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9][Safari][Validity: 2020-02-12 11:45:22 - 2020-05-06 11:45:22][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,10,0,20,10,10,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,20,0,0,0]
@ -72,16 +72,16 @@ JA Host Stats:
10 TCP 192.168.2.16:36888 <-> 172.217.18.3:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: DNS][DPI packets: 6][cat: ConnCheck/30][Breed: Acceptable][9 pkts/1175 bytes <-> 7 pkts/4762 bytes][Goodput ratio: 47/90][1.62 sec][Hostname/SNI: connectivitycheck.gstatic.com][(Advertised) ALPNs: http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 27/28 203/104 522/277 176/93][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 131/680 327/1484 93/575][nDPI Fingerprint: e975843b4ad91c1019e670cc58aaa6a7][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1409h1_c866b44c5a26_b39be8c56a14][Safari][Plen Bins: 0,0,12,0,0,0,12,0,12,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0]
11 TCP 192.168.2.16:36890 <-> 172.217.18.3:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: DNS][DPI packets: 8][cat: ConnCheck/30][Breed: Acceptable][9 pkts/1151 bytes <-> 7 pkts/4762 bytes][Goodput ratio: 48/90][0.84 sec][Hostname/SNI: connectivitycheck.gstatic.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.611 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 120/15 647/36 217/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 128/680 327/1484 95/575][nDPI Fingerprint: e975843b4ad91c1019e670cc58aaa6a7][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1409h1_c866b44c5a26_b39be8c56a14][ServerNames: *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be][JA3S: eca9b8f0f3eae50309eaf901cb822d9b][Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1][Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com][Certificate SHA-1: 80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42][Safari][Validity: 2020-02-12 11:47:11 - 2020-05-06 11:47:11][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,12,0,0,0,12,0,12,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0]
12 TCP 192.168.2.16:33014 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][11 pkts/1877 bytes <-> 7 pkts/3708 bytes][Goodput ratio: 61/87][0.20 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.328 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/11 96/40 29/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/530 583/1484 180/574][nDPI Fingerprint: 56e60ca6e7eba86c5834d09a8476ade0][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA4: t13d1615h2_46e7e9700bed_45f260be83e2][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 22,0,22,0,0,0,0,0,0,0,0,0,0,11,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,11,0,0,0]
13 TCP 192.168.2.16:51944 <-> 172.217.21.202:443 [proto: 91.46/TLS.DataSaver][Stack: TLS.DataSaver][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 46/DataSaver, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Fun][12 pkts/2171 bytes <-> 12 pkts/2705 bytes][Goodput ratio: 63/70][0.20 sec][Hostname/SNI: datasaver.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.110 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/11 39/64 15/19][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/225 660/646 208/202][nDPI Fingerprint: 5c21de40f2f1b3997d39bb362080ae01][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA4: t13d1615h2_46e7e9700bed_13c35ee53a8e][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 15,15,15,0,0,0,15,0,0,0,7,0,0,0,0,7,0,7,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 TCP 192.168.2.16:43646 <-> 172.217.20.76:443 [proto: 91.46/TLS.DataSaver][Stack: TLS.DataSaver][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 46/DataSaver, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Fun][8 pkts/1053 bytes <-> 6 pkts/3460 bytes][Goodput ratio: 49/88][0.20 sec][Hostname/SNI: proxy.googlezip.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.533 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/16 51/61 18/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 132/577 583/1484 171/646][nDPI Fingerprint: 56e60ca6e7eba86c5834d09a8476ade0][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA4: t13d1615h2_46e7e9700bed_45f260be83e2][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
15 TCP 192.168.2.16:43634 <-> 172.217.20.76:443 [proto: 91.46/TLS.DataSaver][Stack: TLS.DataSaver][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 46/DataSaver, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Fun][8 pkts/1005 bytes <-> 6 pkts/3460 bytes][Goodput ratio: 51/88][0.11 sec][Hostname/SNI: proxy.googlezip.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.550 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/16 39/61 13/26][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 126/577 583/1484 173/646][nDPI Fingerprint: 56e60ca6e7eba86c5834d09a8476ade0][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA4: t13d1615h2_46e7e9700bed_45f260be83e2][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
13 TCP 192.168.2.16:51944 <-> 172.217.21.202:443 [proto: 91.46/TLS.DataSaver][Stack: TLS.DataSaver][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 46/DataSaver, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][12 pkts/2171 bytes <-> 12 pkts/2705 bytes][Goodput ratio: 63/70][0.20 sec][Hostname/SNI: datasaver.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.110 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/11 39/64 15/19][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/225 660/646 208/202][nDPI Fingerprint: 5c21de40f2f1b3997d39bb362080ae01][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA4: t13d1615h2_46e7e9700bed_13c35ee53a8e][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 15,15,15,0,0,0,15,0,0,0,7,0,0,0,0,7,0,7,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 TCP 192.168.2.16:43646 <-> 172.217.20.76:443 [proto: 91.46/TLS.DataSaver][Stack: TLS.DataSaver][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 46/DataSaver, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][8 pkts/1053 bytes <-> 6 pkts/3460 bytes][Goodput ratio: 49/88][0.20 sec][Hostname/SNI: proxy.googlezip.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.533 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/16 51/61 18/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 132/577 583/1484 171/646][nDPI Fingerprint: 56e60ca6e7eba86c5834d09a8476ade0][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA4: t13d1615h2_46e7e9700bed_45f260be83e2][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
15 TCP 192.168.2.16:43634 <-> 172.217.20.76:443 [proto: 91.46/TLS.DataSaver][Stack: TLS.DataSaver][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 46/DataSaver, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Acceptable][8 pkts/1005 bytes <-> 6 pkts/3460 bytes][Goodput ratio: 51/88][0.11 sec][Hostname/SNI: proxy.googlezip.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.550 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/16 39/61 13/26][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 126/577 583/1484 173/646][nDPI Fingerprint: 56e60ca6e7eba86c5834d09a8476ade0][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA4: t13d1615h2_46e7e9700bed_45f260be83e2][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
16 TCP 192.168.2.16:32998 <-> 216.239.38.120:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Acceptable][8 pkts/1005 bytes <-> 6 pkts/3449 bytes][Goodput ratio: 51/88][0.05 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.549 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 20/17 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 126/575 583/1484 173/647][nDPI Fingerprint: 56e60ca6e7eba86c5834d09a8476ade0][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA4: t13d1615h2_46e7e9700bed_45f260be83e2][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
17 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][Stack: DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 18/DHCP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][12 pkts/4088 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][82.22 sec][Hostname/SNI: lucas-imac][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 130/0 6001/0 8764/0 3124/0][Pkt Len c2s/s2c min/avg/max/stddev: 328/0 341/0 342/0 4/0][DHCP Fingerprint: 1,121,3,6,15,119,252,95,44,46][PLAIN TEXT (android)][Plen Bins: 0,0,0,0,0,0,0,0,8,91,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
18 TCP 192.168.2.16:36834 <-> 173.194.79.114:80 [proto: 7.46/HTTP.DataSaver][Stack: HTTP.DataSaver][IP: 126/Google][ClearText][Confidence: DPI][FPC: 46/DataSaver, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Fun][8 pkts/1130 bytes <-> 5 pkts/1254 bytes][Goodput ratio: 53/73][0.30 sec][Hostname/SNI: check.googlezip.net][bytes ratio: -0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/1 41/59 105/141 31/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 141/251 363/524 128/223][URL: check.googlezip.net/connect][StatusCode: 200][Content-Type: text/html][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.93 Mobile Safari/537.36][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /connect HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
18 TCP 192.168.2.16:36834 <-> 173.194.79.114:80 [proto: 7.46/HTTP.DataSaver][Stack: HTTP.DataSaver][IP: 126/Google][ClearText][Confidence: DPI][FPC: 46/DataSaver, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][8 pkts/1130 bytes <-> 5 pkts/1254 bytes][Goodput ratio: 53/73][0.30 sec][Hostname/SNI: check.googlezip.net][bytes ratio: -0.052 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/1 41/59 105/141 31/59][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 141/251 363/524 128/223][URL: check.googlezip.net/connect][StatusCode: 200][Content-Type: text/html][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.93 Mobile Safari/537.36][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /connect HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
19 TCP 192.168.2.16:44374 <-> 172.217.22.10:443 [proto: 91.239/TLS.GoogleServices][Stack: TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 239/GoogleServices, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][3 pkts/723 bytes <-> 3 pkts/1624 bytes][Goodput ratio: 71/87][0.10 sec][Hostname/SNI: android.googleapis.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 26/9 33/38 40/66 7/28][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/541 583/1484 242/667][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 9a9ce4be3691bc090d12caa7152caed3][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.3][JA4: t13d171200_5b57614c22b0_931b75671d98][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
20 TCP 192.168.2.16:58338 <-> 17.253.53.201:80 [proto: 7.140/HTTP.Apple][Stack: HTTP.Apple][IP: 140/Apple][ClearText][Confidence: DPI][FPC: 140/Apple, Confidence: DNS][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][6 pkts/607 bytes <-> 5 pkts/1053 bytes][Goodput ratio: 33/68][0.16 sec][Hostname/SNI: captive.apple.com][bytes ratio: -0.269 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/0 25/23 42/46 15/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/211 269/781 75/285][URL: captive.apple.com/][StatusCode: 200][Content-Type: text/html][Server: ATS/8.0.6][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
21 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][Stack: Dropbox][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 121/Dropbox, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][3 pkts/1656 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][60.10 sec][PLAIN TEXT (version)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
22 TCP 192.168.2.16:36848 <-> 173.194.79.114:80 [proto: 7.46/HTTP.DataSaver][Stack: HTTP.DataSaver][IP: 126/Google][ClearText][Confidence: DPI][FPC: 46/DataSaver, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Fun][4 pkts/569 bytes <-> 3 pkts/664 bytes][Goodput ratio: 52/69][0.11 sec][Hostname/SNI: check.googlezip.net][bytes ratio: -0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 31/1 37/36 41/72 4/36][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/221 363/524 127/214][URL: check.googlezip.net/connect][StatusCode: 200][Content-Type: text/html][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.93 Mobile Safari/537.36][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /connect HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
22 TCP 192.168.2.16:36848 <-> 173.194.79.114:80 [proto: 7.46/HTTP.DataSaver][Stack: HTTP.DataSaver][IP: 126/Google][ClearText][Confidence: DPI][FPC: 46/DataSaver, Confidence: DNS][DPI packets: 6][cat: Web/5][Breed: Acceptable][4 pkts/569 bytes <-> 3 pkts/664 bytes][Goodput ratio: 52/69][0.11 sec][Hostname/SNI: check.googlezip.net][bytes ratio: -0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 31/1 37/36 41/72 4/36][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 142/221 363/524 127/214][URL: check.googlezip.net/connect][StatusCode: 200][Content-Type: text/html][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.93 Mobile Safari/537.36][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /connect HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
23 TCP 17.248.176.75:443 -> 192.168.2.17:50580 [proto: 91/TLS][Stack: TLS][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Safe][8 pkts/1067 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][18.90 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 294/0 2700/0 9727/0 3229/0][Pkt Len c2s/s2c min/avg/max/stddev: 97/0 133/0 143/0 17/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 12,12,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
24 TCP 17.248.176.75:443 -> 192.168.2.17:50584 [proto: 91/TLS][Stack: TLS][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Safe][8 pkts/1067 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][19.37 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 300/0 2767/0 9727/0 3262/0][Pkt Len c2s/s2c min/avg/max/stddev: 97/0 133/0 143/0 17/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 12,12,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
25 TCP 192.168.2.16:52514 <-> 172.217.20.74:443 [proto: 91.239/TLS.GoogleServices][Stack: TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 239/GoogleServices, Confidence: DNS][DPI packets: 4][cat: Web/5][Breed: Acceptable][3 pkts/723 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][0.27 sec][Hostname/SNI: semanticlocation-pa.googleapis.com][(Advertised) ALPNs: h2][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t13d1712h2_5b57614c22b0_3f5d972527c0][Safari][PLAIN TEXT (semanticlocation)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

8
tests/cfgs/default/result/anyconnect-vpn.pcap.out
View file

@ -41,9 +41,9 @@ Slack 27 4825 1
AJP 5 390 1
CiscoVPN 3 198 1
Safe 357 93023 14
Acceptable 209 36536 53
Unrated 19 1054 2
Safe 386 99716 16
Acceptable 180 29843 51
Unspecified 19 1054 2
VPN 3 198 1
@ -64,11 +64,11 @@ JA Host Stats:
4 TCP 10.0.0.227:56918 <-> 8.37.102.91:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Web/5][Breed: Safe][16 pkts/2739 bytes <-> 14 pkts/7315 bytes][Goodput ratio: 61/87][0.35 sec][(Advertised) ALPNs: http/1.1][bytes ratio: -0.455 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 23/26 48/88 21/29][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 171/522 1175/1514 274/624][Risk: ** Weak TLS Cipher **** Missing SNI TLS Extn **** ALPN/SNI Mismatch **][Risk Score: 200][Risk Info: http/1.1 / SNI should always be present / Cipher TLS_RSA_WITH_AES_256_CBC_SHA][nDPI Fingerprint: 0ab478f88458d4b7e389280db8733f0c][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i2204h1_95b9206a23eb_1ea9011b3dfa][ServerNames: *.pandion.viasat.com,pandion.viasat.com][JA3S: 82f0d8a75fa483d1cfe4b7085b784d7e][Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K][Subject: C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com][Certificate SHA-1: 92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA][Firefox][Validity: 2019-02-05 21:43:58 - 2021-02-05 22:13:57][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,16,8,0,0,8,0,8,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,8,0,25,0,0]
5 UDP 10.0.0.227:54107 <-> 8.37.102.91:443 [proto: 30/DTLS][Stack: DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 30/DTLS, Confidence: DPI][DPI packets: 4][cat: Web/5][Breed: Safe][14 pkts/2322 bytes <-> 15 pkts/3787 bytes][Goodput ratio: 75/83][0.24 sec][bytes ratio: -0.240 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/16 47/46 19/20][Pkt Len c2s/s2c min/avg/max/stddev: 135/90 166/252 199/407 17/74][Risk: ** Obsolete TLS (v1.1 or older) **][Risk Score: 100][Risk Info: TLS (0100)][nDPI Fingerprint: 921dc05ee9400079c792f8162a9e9f3d][TLS (0100)][JA4: d00i010000_2cfe23c976cf_e3b0c44298fc][JA3S: cee68a158056f16c2d1b274dde4e2ec3][Cipher: TLS_DHE_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,3,3,39,13,18,3,6,6,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 10.0.0.227:56920 <-> 99.86.34.156:443 [proto: 91.118/TLS.Slack][Stack: TLS.Slack][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 118/Slack, Confidence: DNS][DPI packets: 6][cat: Collaborative/15][Breed: Acceptable][16 pkts/2949 bytes <-> 11 pkts/1876 bytes][Goodput ratio: 64/61][11.47 sec][Hostname/SNI: slack.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: 0.222 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 866/28 11074/80 2947/34][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 184/171 853/487 228/155][nDPI Fingerprint: 34104aa1b54ff5ab855f9d5aea374abf][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1313h2_8b80da21ef18_e48c60694ef0][JA3S: 7bee5c1d424b7e5f943b06983bb11422][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,34,16,0,8,0,0,0,0,0,0,0,8,16,0,0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 TCP 10.0.0.227:56884 <-> 184.25.56.77:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: ConnCheck/30][Breed: Acceptable][12 pkts/2303 bytes <-> 7 pkts/2382 bytes][Goodput ratio: 67/81][18.51 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/31 1824/3642 10081/10083 3593/4385][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 192/340 373/450 153/173][URL: detectportal.firefox.com/success.txt?ipv4][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 TCP 10.0.0.227:56884 <-> 184.25.56.77:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][12 pkts/2303 bytes <-> 7 pkts/2382 bytes][Goodput ratio: 67/81][18.51 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.017 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/31 1824/3642 10081/10083 3593/4385][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 192/340 373/450 153/173][URL: detectportal.firefox.com/success.txt?ipv4][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 TCP 10.0.0.227:56320 <-> 10.0.0.149:8009 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Safe][20 pkts/2420 bytes <-> 10 pkts/1760 bytes][Goodput ratio: 45/62][45.04 sec][bytes ratio: 0.158 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/5003 2648/5004 5001/5006 2495/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/176 121/176 176/176 55/0][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 ICMPV6 [fe80::2e7e:81ff:feb0:4aa1]:0 -> [ff02::1]:0 [proto: 102/ICMPV6][Stack: ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 102/ICMPV6, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][16 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][45.47 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2867/0 3028/0 3072/0 84/0][Pkt Len c2s/s2c min/avg/max/stddev: 174/0 174/0 174/0 0/0][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 TCP 10.0.0.227:56955 <-> 10.0.0.151:8060 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][6 pkts/650 bytes <-> 5 pkts/1668 bytes][Goodput ratio: 37/80][4.02 sec][Hostname/SNI: 10.0.0.151][bytes ratio: -0.439 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/2 4/4 9/6 3/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 108/334 308/1206 89/442][URL: 10.0.0.151:8060/dial/dd.xml][StatusCode: 200][Content-Type: text/xml][Server: Roku UPnP/1.0 MiniUPnPd/1.4][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.0.0.151 / Expected on port 80][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (GET /dial/dd.xml HTTP/1.1)][Plen Bins: 0,0,0,0,0,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0]
11 TCP 10.0.0.227:56917 <-> 184.25.56.77:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: ConnCheck/30][Breed: Acceptable][6 pkts/976 bytes <-> 4 pkts/1032 bytes][Goodput ratio: 62/74][18.47 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/573 3694/6151 10081/10078 4344/4052][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 163/258 368/450 145/192][URL: detectportal.firefox.com/success.txt][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
11 TCP 10.0.0.227:56917 <-> 184.25.56.77:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: ConnCheck/30][Breed: Safe][6 pkts/976 bytes <-> 4 pkts/1032 bytes][Goodput ratio: 62/74][18.47 sec][Hostname/SNI: detectportal.firefox.com][bytes ratio: -0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 28/573 3694/6151 10081/10078 4344/4052][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 163/258 368/450 145/192][URL: detectportal.firefox.com/success.txt][StatusCode: 200][Content-Type: text/plain][Server: AmazonS3][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0][PLAIN TEXT (GET /success.txt HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
12 TCP 10.0.0.227:56954 <-> 10.0.0.149:8008 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Acceptable][4 pkts/527 bytes <-> 3 pkts/1401 bytes][Goodput ratio: 48/85][0.01 sec][Hostname/SNI: 10.0.0.149][bytes ratio: -0.453 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 2/3 6/3 3/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 132/467 317/1261 107/561][URL: 10.0.0.149:8008/ssdp/device-desc.xml][StatusCode: 200][Content-Type: application/xml][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 10.0.0.149 / Expected on port 80][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][PLAIN TEXT (HGET /ssdp/device)][Plen Bins: 0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0]
13 UDP [fe80::408:3e45:3abc:1552]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][9 pkts/1628 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][25.40 sec][Hostname/SNI: _raop._tcp.local][_raop._tcp.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 819/0 3174/0 11263/0 3646/0][Pkt Len c2s/s2c min/avg/max/stddev: 152/0 181/0 206/0 24/0][PLAIN TEXT (companion)][Plen Bins: 0,0,33,22,44,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 UDP 10.0.0.227:137 -> 10.0.0.255:137 [proto: 10/NetBIOS][Stack: NetBIOS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 10/NetBIOS, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][15 pkts/1542 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][6.05 sec][Hostname/SNI: lp-rkerur-osx][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 465/0 1499/0 677/0][Pkt Len c2s/s2c min/avg/max/stddev: 92/0 103/0 110/0 9/0][PLAIN TEXT ( EMFACNFCELEFFC)][Plen Bins: 0,40,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

4
tests/cfgs/default/result/bets.pcapng.out
View file

@ -22,7 +22,7 @@ Patricia protocols IPv6: 0/0 (search/found)
TLS 33 9228 1
Safe 33 9228 1
Acceptable 33 9228 1
Gambling 33 9228 1
@ -31,4 +31,4 @@ JA Host Stats:
1 192.168.10.2 1
1 TCP 192.168.10.2:60099 <-> 13.224.103.22:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Gambling/107][Breed: Safe][17 pkts/1469 bytes <-> 16 pkts/7759 bytes][Goodput ratio: 39/89][0.19 sec][Hostname/SNI: www.1084bets10.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/9 46/45 16/17][Pkt Len c2s/s2c min/avg/max/stddev: 52/52 86/485 380/1420 78/609][nDPI Fingerprint: f0a50502b1b9bffccd0d96726b6697d9][TCP Fingerprint: 2_64_65535_78dd6871cb6d/macOS][TLSv1.3][JA4: t13d4907h2_0d8feac7bc37_7395dae3b2f3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,14,21,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,28,0,0,0,0,0]
1 TCP 192.168.10.2:60099 <-> 13.224.103.22:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Gambling/107][Breed: Acceptable][17 pkts/1469 bytes <-> 16 pkts/7759 bytes][Goodput ratio: 39/89][0.19 sec][Hostname/SNI: www.1084bets10.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.682 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/9 46/45 16/17][Pkt Len c2s/s2c min/avg/max/stddev: 52/52 86/485 380/1420 78/609][nDPI Fingerprint: f0a50502b1b9bffccd0d96726b6697d9][TCP Fingerprint: 2_64_65535_78dd6871cb6d/macOS][TLSv1.3][JA4: t13d4907h2_0d8feac7bc37_7395dae3b2f3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,14,21,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,28,0,0,0,0,0]

6
tests/cfgs/default/result/conncheck.pcap.out
View file

@ -28,8 +28,8 @@ Google 10 2153 1
PlayStore 9 1912 1
HuaweiCloud 7 4232 1
Safe 70 12384 7
Acceptable 29 8962 4
Safe 77 16616 8
Acceptable 22 4730 3
Network 2 305 1
ConnCheck 97 21041 10
@ -39,7 +39,7 @@ JA Host Stats:
1 1.37.34.211 1
1 TCP 1.37.34.211:443 <-> 10.142.92.57:49024 [VLAN: 113][proto: GTP:91.399/TLS.HuaweiCloud][Stack: TLS.HuaweiCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: ConnCheck/30][Breed: Acceptable][6 pkts/3926 bytes <-> 1 pkts/306 bytes][Goodput ratio: 83/64][0.59 sec][Hostname/SNI: connectivitycheck.platform.hicloud.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.855 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 117/0 207/0 96/0][Pkt Len c2s/s2c min/avg/max/stddev: 118/306 654/306 1458/306 599/0][nDPI Fingerprint: b671f73ea86ddbdb7a79bfe93c909014][TLSv1.2][JA4: t12d1009h1_a8cf61a50a39_b39be8c56a14][ServerNames: connectivitycheck.cbg-app.huawei.com,connectivitycheck.cbg-app.huawei.com.cn,connectivitycheck.cbg-app.huawei.asia,connectivitycheck.cbg-app.huawei.eu,connectivitycheck.cbg-app.huawei.ru,*.platform.dbankcloud.ru,*.platform.dbankcloud.cn,*.platform.hicloud.com,*.platform.dbankcloud.com][JA3S: afbc203706421f15554867b55caf16d6][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G3][Subject: C=CN, ST=Jiangsu, L=Nanjing, O=Huawei Software Technologies Co., Ltd., CN=connectivitycheck.cbg-app.huawei.com][Certificate SHA-1: 2B:33:9E:80:E7:3C:EC:31:78:B2:DD:DA:2D:39:7B:C5:0B:9E:B4:70][Validity: 2023-07-19 03:30:36 - 2024-08-19 03:30:35][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0]
1 TCP 1.37.34.211:443 <-> 10.142.92.57:49024 [VLAN: 113][proto: GTP:91.399/TLS.HuaweiCloud][Stack: TLS.HuaweiCloud][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: ConnCheck/30][Breed: Safe][6 pkts/3926 bytes <-> 1 pkts/306 bytes][Goodput ratio: 83/64][0.59 sec][Hostname/SNI: connectivitycheck.platform.hicloud.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: 0.855 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 117/0 207/0 96/0][Pkt Len c2s/s2c min/avg/max/stddev: 118/306 654/306 1458/306 599/0][nDPI Fingerprint: b671f73ea86ddbdb7a79bfe93c909014][TLSv1.2][JA4: t12d1009h1_a8cf61a50a39_b39be8c56a14][ServerNames: connectivitycheck.cbg-app.huawei.com,connectivitycheck.cbg-app.huawei.com.cn,connectivitycheck.cbg-app.huawei.asia,connectivitycheck.cbg-app.huawei.eu,connectivitycheck.cbg-app.huawei.ru,*.platform.dbankcloud.ru,*.platform.dbankcloud.cn,*.platform.hicloud.com,*.platform.dbankcloud.com][JA3S: afbc203706421f15554867b55caf16d6][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G3][Subject: C=CN, ST=Jiangsu, L=Nanjing, O=Huawei Software Technologies Co., Ltd., CN=connectivitycheck.cbg-app.huawei.com][Certificate SHA-1: 2B:33:9E:80:E7:3C:EC:31:78:B2:DD:DA:2D:39:7B:C5:0B:9E:B4:70][Validity: 2023-07-19 03:30:36 - 2024-08-19 03:30:35][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0]
2 TCP 10.1.0.60:38024 <-> 92.123.101.121:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: ConnCheck/30][Breed: Acceptable][9 pkts/2198 bytes <-> 1 pkts/74 bytes][Goodput ratio: 73/0][7.08 sec][Hostname/SNI: conn-service-eu-04.allawnos.com][bytes ratio: 0.935 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 885/0 3618/0 1162/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 244/74 294/74 93/0][URL: conn-service-eu-04.allawnos.com/generate204][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (nGET /generate204 HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 10.1.0.60:49674 <-> 142.250.180.163:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 10][cat: ConnCheck/30][Breed: Acceptable][9 pkts/2079 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][7.05 sec][Hostname/SNI: www.google.eu][bytes ratio: 0.931 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 881/0 3584/0 1153/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 231/74 277/74 86/0][URL: www.google.eu/generate_204][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 10.1.0.70:54612 <-> 142.250.180.138:80 [proto: 7.228/HTTP.PlayStore][Stack: HTTP.PlayStore][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 9][cat: ConnCheck/30][Breed: Safe][8 pkts/1838 bytes <-> 1 pkts/74 bytes][Goodput ratio: 71/0][3.67 sec][Hostname/SNI: play.googleapis.com][bytes ratio: 0.923 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 524/0 1824/0 607/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 230/74 283/74 92/0][URL: play.googleapis.com/generate_204][User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

4
tests/cfgs/default/result/crawler_false_positive.pcapng.out
View file

@ -24,6 +24,6 @@ OCSP 12 1842 1
Safe 12 1842 1
Web 12 1842 1
Network 12 1842 1
1 TCP 192.168.12.156:38291 <-> 93.184.220.29:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 288/Edgecast][ClearText][Confidence: DPI][FPC: 288/Edgecast, Confidence: IP address][DPI packets: 8][cat: Web/5][Breed: Safe][7 pkts/705 bytes <-> 5 pkts/1137 bytes][Goodput ratio: 33/70][0.04 sec][Hostname/SNI: ocsp.digicert.com][bytes ratio: -0.235 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/6 8/10 4/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/227 284/865 75/319][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: ECS (mil/6CF7)][User-Agent: zbtls http][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (ConnectionTP/1.1)][Plen Bins: 33,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 TCP 192.168.12.156:38291 <-> 93.184.220.29:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 288/Edgecast][ClearText][Confidence: DPI][FPC: 288/Edgecast, Confidence: IP address][DPI packets: 8][cat: Network/14][Breed: Safe][7 pkts/705 bytes <-> 5 pkts/1137 bytes][Goodput ratio: 33/70][0.04 sec][Hostname/SNI: ocsp.digicert.com][bytes ratio: -0.235 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/6 8/10 4/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/227 284/865 75/319][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: ECS (mil/6CF7)][User-Agent: zbtls http][TCP Fingerprint: 2_64_65535_685ad951a756/Android][PLAIN TEXT (ConnectionTP/1.1)][Plen Bins: 33,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

13
tests/cfgs/default/result/custom_breed_cat.pcap.out
View file

@ -25,16 +25,17 @@ CustomProtocolK 1 94 1
CustomProtocolL 1 94 1
CustomProtocolM 1 94 1
Acceptable 2 188 2
Unsafe 1 94 1
Dangerous 1 94 1
Safe 1 94 1
Acceptable 1 94 1
Fun 1 94 1
Potentially_Dangerous 1 94 1
Unspecified 1 94 1
Email 1 94 1
Web 1 94 1
Crypto_Currency 1 94 1
1 TCP [2001:db8::1]:33408 -> [2001:db8::c2fd:b817:5ca8:82dd]:16690 [proto: 470/CustomProtocolJ][Stack: CustomProtocolJ][IP: 470/CustomProtocolJ][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Acceptable][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65476_dc3a5db5296b/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 TCP [2001:db8::1]:33408 -> [2001:db8::c2fd:b817:5ca8:82dd]:16690 [proto: 470/CustomProtocolJ][Stack: CustomProtocolJ][IP: 470/CustomProtocolJ][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][Breed: Safe][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65476_dc3a5db5296b/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP [2001:db8::2]:33408 -> [2001:db8::cba5:51b2:8733:6d9e]:38542 [proto: 471/CustomProtocolK][Stack: CustomProtocolK][IP: 471/CustomProtocolK][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Email/3][Breed: Acceptable][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65476_dc3a5db5296b/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP [2003:db8::3]:33408 -> [2001:db8::cc14:67e6:fcd:b96d]:37464 [proto: 3002/CustomProtocolL][Stack: CustomProtocolL][IP: 3002/CustomProtocolL][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][Breed: Unsafe][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65476_dc3a5db5296b/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP [2003:db8::4]:33408 -> [2001:db8::7b51:316f:9fe:4940]:42695 [proto: 3003/CustomProtocolM][Stack: CustomProtocolM][IP: 3003/CustomProtocolM][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Crypto_Currency/106][Breed: Dangerous][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65476_dc3a5db5296b/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP [2003:db8::3]:33408 -> [2001:db8::cc14:67e6:fcd:b96d]:37464 [proto: 3002/CustomProtocolL][Stack: CustomProtocolL][IP: 3002/CustomProtocolL][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][Breed: Fun][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65476_dc3a5db5296b/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP [2003:db8::4]:33408 -> [2001:db8::7b51:316f:9fe:4940]:42695 [proto: 3003/CustomProtocolM][Stack: CustomProtocolM][IP: 3003/CustomProtocolM][ClearText][Confidence: Match by custom rule][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Crypto_Currency/106][Breed: Potentially_Dangerous][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65476_dc3a5db5296b/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

2
tests/cfgs/default/result/custom_rules_ipv6.pcapng.out
View file

@ -29,8 +29,8 @@ CustomProtocolG 1 318 1
CustomProtocolH 1 318 1
CustomProtocolI 1 318 1
Acceptable 7 4128 6
Unrated 1 318 1
Acceptable 7 4128 6
Unspecified 8 4446 7

2
tests/cfgs/default/result/false_positives.pcapng.out
View file

@ -28,8 +28,8 @@ RTP 110 19309 4
RDP 5 1571 1
WebSocket 4 973 1
Acceptable 152 41983 7
Unrated 6 460 1
Acceptable 152 41983 7
Unspecified 6 460 1
Media 110 19309 4

2
tests/cfgs/default/result/ftp.pcap.out
View file

@ -25,9 +25,9 @@ Unknown 132 118184 1
FTP_CONTROL 68 5571 1
FTP_DATA 9 1819 1
Unrated 132 118184 1
Acceptable 9 1819 1
Unsafe 68 5571 1
Unrated 132 118184 1
Unspecified 132 118184 1
Download 77 7390 2

2
tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
View file

@ -36,10 +36,10 @@ SMBv23 3 186 1
RTP 5 1070 1
SIP 82 37904 15
Unrated 33 4066 33
Acceptable 481 74941 198
Unsafe 36 2569 12
Dangerous 6 1377 3
Unrated 33 4066 33
Unspecified 33 4066 33
Media 5 1070 1

2
tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out
View file

@ -29,8 +29,8 @@ Patricia protocols IPv6: 0/0 (search/found)
Unknown 3 655 3
HTTP 114 28288 36
Acceptable 114 28288 36
Unrated 3 655 3
Acceptable 114 28288 36
Unspecified 3 655 3
Web 114 28288 36

2
tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out
View file

@ -29,8 +29,8 @@ Unknown 19 6603 19
VRRP 1 725 1
Radius 279 134650 54
Acceptable 280 135375 55
Unrated 19 6603 19
Acceptable 280 135375 55
Unspecified 19 6603 19
Network 280 135375 55

13
tests/cfgs/default/result/gearup_booster.pcap.out
View file

@ -27,7 +27,8 @@ Patricia protocols IPv6: 0/0 (search/found)
QUIC 6 3109 1
GearUP_Booster 418 38397 191
Acceptable 424 41506 192
Acceptable 381 20629 187
Fun 43 20877 5
VPN 418 38397 191
Web 6 3109 1
@ -37,11 +38,11 @@ JA Host Stats:
1 192.168.3.23 3
1 TCP 192.168.3.23:43470 <-> 2.19.126.219:443 [proto: 91.445/TLS.GearUP_Booster][Stack: TLS.GearUP_Booster][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VPN/2][Breed: Acceptable][3 pkts/723 bytes <-> 5 pkts/3995 bytes][Goodput ratio: 71/92][0.05 sec][Hostname/SNI: file.booster.gearupportal.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.694 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/0 12/8 20/24 8/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/799 583/1506 242/643][nDPI Fingerprint: 8633978ed965731750eef94d246432dc][TCP Fingerprint: 2_64_65535_0c11e5ddde9b/Unknown][TLSv1.3][JA4: t13d1713h1_5b57614c22b0_eca864cca44a][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
2 TCP 192.168.3.23:37119 <-> 104.16.159.112:443 [proto: 91.445/TLS.GearUP_Booster][Stack: TLS.GearUP_Booster][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Acceptable][3 pkts/723 bytes <-> 5 pkts/3468 bytes][Goodput ratio: 71/90][0.18 sec][Hostname/SNI: mobile.booster.gearupportal.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 51/0 82/42 112/163 30/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/694 583/1506 242/669][nDPI Fingerprint: abd922c18c067ca5b3f9bcbe22ae1911][TCP Fingerprint: 2_64_65535_0c11e5ddde9b/Unknown][TLSv1.3][JA4: t13d1513h2_8daaf6152771_eca864cca44a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
3 TCP 192.168.3.23:45668 <-> 104.16.159.112:443 [proto: 91.445/TLS.GearUP_Booster][Stack: TLS.GearUP_Booster][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Acceptable][3 pkts/723 bytes <-> 5 pkts/3465 bytes][Goodput ratio: 71/90][0.04 sec][Hostname/SNI: log.booster.gearupportal.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 9/5 16/19 7/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/693 583/1506 242/670][nDPI Fingerprint: abd922c18c067ca5b3f9bcbe22ae1911][TCP Fingerprint: 2_64_65535_0c11e5ddde9b/Unknown][TLSv1.3][JA4: t13d1513h2_8daaf6152771_eca864cca44a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
4 TCP 192.168.3.23:42942 <-> 104.18.53.166:443 [proto: 91.445/TLS.GearUP_Booster][Stack: TLS.GearUP_Booster][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Acceptable][3 pkts/723 bytes <-> 5 pkts/3460 bytes][Goodput ratio: 71/90][0.08 sec][Hostname/SNI: abtest.sc.gearupportal.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.654 (Download)][IAT c2s/s2c min/avg/max/stddev: 21/0 28/15 36/57 8/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/692 583/1506 242/670][nDPI Fingerprint: 8633978ed965731750eef94d246432dc][TCP Fingerprint: 2_64_65535_0c11e5ddde9b/Unknown][TLSv1.3][JA4: t13d1713h1_5b57614c22b0_eca864cca44a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
5 TCP 192.168.3.23:38726 <-> 104.18.50.182:443 [proto: 91.445/TLS.GearUP_Booster][Stack: TLS.GearUP_Booster][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Acceptable][7 pkts/3107 bytes <-> 4 pkts/490 bytes][Goodput ratio: 85/44][0.09 sec][Hostname/SNI: event.sc.gearupportal.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 0.728 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 11/14 37/26 14/12][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 444/122 1090/284 444/93][nDPI Fingerprint: 6ee65f8ba4c765dfc4dafd030db6289b][TCP Fingerprint: 2_64_65535_0c11e5ddde9b/Unknown][TLSv1.3][JA4: t13d1713h1_5b57614c22b0_352634941f3a][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 TCP 192.168.3.23:43470 <-> 2.19.126.219:443 [proto: 91.445/TLS.GearUP_Booster][Stack: TLS.GearUP_Booster][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: VPN/2][Breed: Fun][3 pkts/723 bytes <-> 5 pkts/3995 bytes][Goodput ratio: 71/92][0.05 sec][Hostname/SNI: file.booster.gearupportal.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.694 (Download)][IAT c2s/s2c min/avg/max/stddev: 4/0 12/8 20/24 8/10][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/799 583/1506 242/643][nDPI Fingerprint: 8633978ed965731750eef94d246432dc][TCP Fingerprint: 2_64_65535_0c11e5ddde9b/Unknown][TLSv1.3][JA4: t13d1713h1_5b57614c22b0_eca864cca44a][JA3S: 15af977ce25de452b96affa2addb1036][Safari][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
2 TCP 192.168.3.23:37119 <-> 104.16.159.112:443 [proto: 91.445/TLS.GearUP_Booster][Stack: TLS.GearUP_Booster][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Fun][3 pkts/723 bytes <-> 5 pkts/3468 bytes][Goodput ratio: 71/90][0.18 sec][Hostname/SNI: mobile.booster.gearupportal.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 51/0 82/42 112/163 30/70][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/694 583/1506 242/669][nDPI Fingerprint: abd922c18c067ca5b3f9bcbe22ae1911][TCP Fingerprint: 2_64_65535_0c11e5ddde9b/Unknown][TLSv1.3][JA4: t13d1513h2_8daaf6152771_eca864cca44a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
3 TCP 192.168.3.23:45668 <-> 104.16.159.112:443 [proto: 91.445/TLS.GearUP_Booster][Stack: TLS.GearUP_Booster][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Fun][3 pkts/723 bytes <-> 5 pkts/3465 bytes][Goodput ratio: 71/90][0.04 sec][Hostname/SNI: log.booster.gearupportal.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 2/0 9/5 16/19 7/8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/693 583/1506 242/670][nDPI Fingerprint: abd922c18c067ca5b3f9bcbe22ae1911][TCP Fingerprint: 2_64_65535_0c11e5ddde9b/Unknown][TLSv1.3][JA4: t13d1513h2_8daaf6152771_eca864cca44a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
4 TCP 192.168.3.23:42942 <-> 104.18.53.166:443 [proto: 91.445/TLS.GearUP_Booster][Stack: TLS.GearUP_Booster][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Fun][3 pkts/723 bytes <-> 5 pkts/3460 bytes][Goodput ratio: 71/90][0.08 sec][Hostname/SNI: abtest.sc.gearupportal.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.654 (Download)][IAT c2s/s2c min/avg/max/stddev: 21/0 28/15 36/57 8/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 241/692 583/1506 242/670][nDPI Fingerprint: 8633978ed965731750eef94d246432dc][TCP Fingerprint: 2_64_65535_0c11e5ddde9b/Unknown][TLSv1.3][JA4: t13d1713h1_5b57614c22b0_eca864cca44a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
5 TCP 192.168.3.23:38726 <-> 104.18.50.182:443 [proto: 91.445/TLS.GearUP_Booster][Stack: TLS.GearUP_Booster][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Fun][7 pkts/3107 bytes <-> 4 pkts/490 bytes][Goodput ratio: 85/44][0.09 sec][Hostname/SNI: event.sc.gearupportal.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 0.728 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 11/14 37/26 14/12][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 444/122 1090/284 444/93][nDPI Fingerprint: 6ee65f8ba4c765dfc4dafd030db6289b][TCP Fingerprint: 2_64_65535_0c11e5ddde9b/Unknown][TLSv1.3][JA4: t13d1713h1_5b57614c22b0_352634941f3a][JA3S: 2b0648ab686ee45e0e7c35fcfb0eea7e][Safari][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 192.168.3.23:47302 <-> 142.251.143.54:443 [proto: 188/QUIC][Stack: QUIC][IP: 126/Google][Encrypted][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Acceptable][2 pkts/253 bytes <-> 4 pkts/2856 bytes][Goodput ratio: 67/94][0.09 sec][bytes ratio: -0.837 (Download)][IAT c2s/s2c min/avg/max/stddev: 35/60 35/20 35/60 0/28][Pkt Len c2s/s2c min/avg/max/stddev: 79/68 126/714 174/1292 48/578][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.537 (Executable?)][Plen Bins: 16,16,0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,16,0,0,0,0,0,0,0,0]
7 UDP 192.168.0.21:50374 <-> 129.227.37.102:9999 [proto: 445/GearUP_Booster][Stack: GearUP_Booster][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 445/GearUP_Booster, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Acceptable][10 pkts/600 bytes <-> 10 pkts/500 bytes][Goodput ratio: 13/16][1.75 sec][bytes ratio: 0.091 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 163/126 172/170 184/182 7/18][Pkt Len c2s/s2c min/avg/max/stddev: 60/50 60/50 60/50 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 UDP 192.168.0.21:59487 <-> 129.227.37.102:9999 [proto: 445/GearUP_Booster][Stack: GearUP_Booster][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 445/GearUP_Booster, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Acceptable][5 pkts/300 bytes <-> 5 pkts/250 bytes][Goodput ratio: 13/16][1.53 sec][bytes ratio: 0.091 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 335/326 336/332 336/336 0/4][Pkt Len c2s/s2c min/avg/max/stddev: 60/50 60/50 60/50 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

2
tests/cfgs/default/result/gnutella.pcap.out
View file

@ -39,11 +39,11 @@ WSD 41 39162 4
LLMNR 10 770 6
NAT-PMP 4 176 4
Unrated 298 19232 86
Safe 21 4395 1
Acceptable 184 57460 38
Potentially_Dangerous 3374 495188 634
Dangerous 5 1215 1
Unrated 298 19232 86
Unspecified 298 19232 86
Media 21 10027 2

2
tests/cfgs/default/result/gtp_false_positive.pcapng.out
View file

@ -26,8 +26,8 @@ Patricia protocols IPv6: 0/0 (search/found)
Unknown 5 428 1
GTP 2 424 2
Acceptable 2 424 2
Unrated 5 428 1
Acceptable 2 424 2
Unspecified 5 428 1
Network 2 424 2

4
tests/cfgs/default/result/hls.pcapng.out
View file

@ -24,6 +24,6 @@ HLS 13 1019 1
Fun 13 1019 1
Web 13 1019 1
Media 13 1019 1
1 TCP 10.215.173.1:41644 <-> 192.168.88.231:8080 [proto: 7.418/HTTP.HLS][Stack: HTTP.HLS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Fun][7 pkts/448 bytes <-> 6 pkts/571 bytes][Goodput ratio: 33/56][5.34 sec][Hostname/SNI: 192.168.88.231][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1060/0 5298/1 2119/0][Pkt Len c2s/s2c min/avg/max/stddev: 40/40 64/95 188/246 51/80][URL: 192.168.88.231:8080/output.m3u8][StatusCode: 200][Content-Type: application/vnd.apple.mpegurl][Server: SimpleHTTP/0.6 Python/3.11.4][User-Agent: VLC/3.0.18 LibVLC/3.0.18][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 192.168.88.231 / Expected on port 80][TCP Fingerprint: 2_64_65535_b8d6cf600040/Unknown][PLAIN TEXT (GET /output.m)][Plen Bins: 0,0,0,33,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 TCP 10.215.173.1:41644 <-> 192.168.88.231:8080 [proto: 7.418/HTTP.HLS][Stack: HTTP.HLS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Media/1][Breed: Fun][7 pkts/448 bytes <-> 6 pkts/571 bytes][Goodput ratio: 33/56][5.34 sec][Hostname/SNI: 192.168.88.231][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1060/0 5298/1 2119/0][Pkt Len c2s/s2c min/avg/max/stddev: 40/40 64/95 188/246 51/80][URL: 192.168.88.231:8080/output.m3u8][StatusCode: 200][Content-Type: application/vnd.apple.mpegurl][Server: SimpleHTTP/0.6 Python/3.11.4][User-Agent: VLC/3.0.18 LibVLC/3.0.18][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 192.168.88.231 / Expected on port 80][TCP Fingerprint: 2_64_65535_b8d6cf600040/Unknown][PLAIN TEXT (GET /output.m)][Plen Bins: 0,0,0,33,33,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

4
tests/cfgs/default/result/http-pwd.pcapng.out
View file

@ -24,6 +24,6 @@ ntop 14 1805 1
Safe 14 1805 1
Web 14 1805 1
Network 14 1805 1
1 TCP 127.0.0.1:56451 <-> 127.0.0.1:3000 [proto: 7.26/HTTP.ntop][Stack: HTTP.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Safe][7 pkts/1151 bytes <-> 7 pkts/654 bytes][Goodput ratio: 65/38][0.00 sec][Username: admin][Password: adminpwd][Hostname/SNI: localhost][bytes ratio: 0.275 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/4 1/1 4/4 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 164/93 747/306 239/87][URL: localhost:3000/authorize.html][StatusCode: 302][Req Content-Type: application/x-www-form-urlencoded][Server: ntopng 6.3.241001 (arm64)][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found password][TCP Fingerprint: 2_64_65535_99a660d3e328/macOS][PLAIN TEXT (XPOST /authorize.html HTTP/1.1)][Plen Bins: 0,33,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 TCP 127.0.0.1:56451 <-> 127.0.0.1:3000 [proto: 7.26/HTTP.ntop][Stack: HTTP.ntop][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Network/14][Breed: Safe][7 pkts/1151 bytes <-> 7 pkts/654 bytes][Goodput ratio: 65/38][0.00 sec][Username: admin][Password: adminpwd][Hostname/SNI: localhost][bytes ratio: 0.275 (Upload)][IAT c2s/s2c min/avg/max/stddev: 4/4 1/1 4/4 2/2][Pkt Len c2s/s2c min/avg/max/stddev: 56/56 164/93 747/306 239/87][URL: localhost:3000/authorize.html][StatusCode: 302][Req Content-Type: application/x-www-form-urlencoded][Server: ntopng 6.3.241001 (arm64)][User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15][Risk: ** Clear-Text Credentials **][Risk Score: 100][Risk Info: Found password][TCP Fingerprint: 2_64_65535_99a660d3e328/macOS][PLAIN TEXT (XPOST /authorize.html HTTP/1.1)][Plen Bins: 0,33,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

2
tests/cfgs/default/result/instagram.pcap.out
View file

@ -34,10 +34,10 @@ TLS 103 62597 5
Dropbox 5 725 2
Instagram 569 390301 18
Unrated 1 66 1
Safe 103 62597 5
Acceptable 173 133082 14
Fun 569 390301 18
Unrated 1 66 1
Unspecified 1 66 1
Web 259 193369 12

2
tests/cfgs/default/result/ipv6_in_gtp.pcap.out
View file

@ -25,8 +25,8 @@ Patricia protocols IPv6: 4/0 (search/found)
Unknown 1 150 1
ESP 1 166 1
Safe 1 166 1
Unrated 1 150 1
Safe 1 166 1
Unspecified 1 150 1
VPN 1 166 1

2
tests/cfgs/default/result/kerberos.pcap.out
View file

@ -29,8 +29,8 @@ SMBv23 6 1914 3
Kerberos 48 19194 24
LDAP 14 4152 7
Acceptable 68 25260 34
Unrated 9 3031 2
Acceptable 68 25260 34
Unspecified 9 3031 2
Network 48 19194 24

19
tests/cfgs/default/result/lagofast.pcap.out
View file

@ -26,7 +26,8 @@ TLS 5 6130 5
LagoFast 20 5732 20
Safe 5 6130 5
Acceptable 25 6140 25
Acceptable 17 1560 17
Fun 8 4580 8
VPN 20 5732 20
Web 5 6130 5
@ -48,14 +49,14 @@ JA Host Stats:
2 TCP 136.238.7.95:443 -> 231.209.192.237:44640 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Safe][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
3 TCP 226.143.37.182:443 -> 70.254.111.101:37898 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Safe][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][TLSv1.3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
4 TCP 24.105.33.150:443 -> 5.163.124.163:47280 [proto: 91/TLS][Stack: TLS][IP: 213/Blizzard][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Safe][1 pkts/1494 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0]
5 TCP 0.230.137.78:39354 -> 142.141.18.132:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Acceptable][1 pkts/583 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][Hostname/SNI: gabooster.6fast.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1713h1_5b57614c22b0_eca864cca44a][Safari][PLAIN TEXT (gabooster.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 99.189.94.53:45702 -> 185.5.215.83:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Acceptable][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: report.lagofast.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (report.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 TCP 105.60.130.195:44642 -> 186.249.185.190:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Acceptable][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: cbs.lagofast.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (bs.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 TCP 172.142.219.219:44644 -> 5.97.101.77:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Acceptable][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: cbs.lagofast.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (bs.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 TCP 180.239.121.250:44636 -> 23.200.86.51:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Acceptable][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: cbs.lagofast.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (bs.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 TCP 206.184.203.226:44640 -> 8.106.2.77:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Acceptable][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: cbs.lagofast.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1713h1_5b57614c22b0_eca864cca44a][Safari][PLAIN TEXT (bs.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
11 TCP 224.201.159.146:37898 -> 15.33.130.35:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Acceptable][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: static.lagofast.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1713h1_5b57614c22b0_eca864cca44a][Safari][PLAIN TEXT (static.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
12 TCP 236.82.25.211:45722 -> 237.191.110.161:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Acceptable][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: report.lagofast.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (report.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 0.230.137.78:39354 -> 142.141.18.132:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Fun][1 pkts/583 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][Hostname/SNI: gabooster.6fast.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1713h1_5b57614c22b0_eca864cca44a][Safari][PLAIN TEXT (gabooster.6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 99.189.94.53:45702 -> 185.5.215.83:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Fun][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: report.lagofast.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (report.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 TCP 105.60.130.195:44642 -> 186.249.185.190:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Fun][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: cbs.lagofast.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (bs.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 TCP 172.142.219.219:44644 -> 5.97.101.77:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Fun][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: cbs.lagofast.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (bs.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 TCP 180.239.121.250:44636 -> 23.200.86.51:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Fun][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: cbs.lagofast.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (bs.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 TCP 206.184.203.226:44640 -> 8.106.2.77:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Fun][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: cbs.lagofast.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1713h1_5b57614c22b0_eca864cca44a][Safari][PLAIN TEXT (bs.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
11 TCP 224.201.159.146:37898 -> 15.33.130.35:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Fun][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: static.lagofast.com][(Advertised) ALPNs: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA4: t13d1713h1_5b57614c22b0_eca864cca44a][Safari][PLAIN TEXT (static.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
12 TCP 236.82.25.211:45722 -> 237.191.110.161:443 [proto: 91.444/TLS.LagoFast][Stack: TLS.LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91.444/TLS.LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Fun][1 pkts/571 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][< 1 sec][Hostname/SNI: report.lagofast.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.2][JA4: t13d1513h2_8daaf6152771_eca864cca44a][Safari][PLAIN TEXT (report.lagofast.com)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 TCP 109.65.199.230:37898 -> 9.207.246.240:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Safe][1 pkts/118 bytes -> 0 pkts/0 bytes][Goodput ratio: 54/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 UDP 0.40.128.100:59607 -> 172.119.18.180:2672 [proto: 444/LagoFast][Stack: LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 444/LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Acceptable][1 pkts/96 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
15 UDP 23.147.144.74:59607 -> 63.29.27.84:6198 [proto: 444/LagoFast][Stack: LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 444/LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][Breed: Acceptable][1 pkts/96 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

2
tests/cfgs/default/result/log4j-webapp-exploit.pcap.out
View file

@ -25,8 +25,8 @@ Unknown 356 25081 2
HTTP 34 6741 3
LDAP 32 2796 2
Acceptable 66 9537 5
Unrated 356 25081 2
Acceptable 66 9537 5
Unspecified 356 25081 2
Web 9 1497 1

6
tests/cfgs/default/result/malware.pcap.out
View file

@ -30,8 +30,8 @@ HTTP 3 547 2
ICMP 1 98 1
TLS 94 60194 2
Safe 94 60194 2
Acceptable 6 861 4
Safe 74 53054 1
Acceptable 26 8001 5
Web 74 53054 1
Network 2 216 1
@ -44,7 +44,7 @@ JA Host Stats:
1 TCP 192.168.0.20:41240 <-> 193.109.85.123:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: Web/5][Breed: Safe][22 pkts/4006 bytes <-> 52 pkts/49048 bytes][Goodput ratio: 70/94][0.89 sec][Hostname/SNI: hobbeach.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/18 159/269 55/55][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 182/943 847/1506 265/684][nDPI Fingerprint: dfd5ded1cc23ba400f442b696447d899][TCP Fingerprint: 2_192_64240_565ad129ac37/Unknown][TLSv1.2][JA4: t13d1515h2_8daaf6152771_6a09c78d0dc2][ServerNames: hobbeach.com][JA3S: d154fcfa5bb4f0748e1dd1992c681104][Issuer: C=US, O=Let's Encrypt, CN=R3][Subject: CN=hobbeach.com][ECH: version 0xfe0d][Certificate SHA-1: 30:C9:08:A7:5D:AC:71:2C:07:00:51:20:4D:91:DC:3C:BA:7E:0A:46][Firefox][Validity: 2023-10-25 09:42:51 - 2024-01-23 09:42:50][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,5,0,2,0,0,0,2,0,0,0,0,0,2,0,0,0,0,0,2,0,0,0,5,0,0,0,0,0,2,0,0,0,0,0,0,0,2,0,0,2,0,0,0,75,0,0]
2 TCP 192.168.7.7:35236 <-> 67.215.92.210:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Malware/100][Breed: Safe][11 pkts/1280 bytes <-> 9 pkts/5860 bytes][Goodput ratio: 53/91][0.64 sec][Hostname/SNI: www.internetbadguys.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.641 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/75 240/249 99/103][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/651 571/1514 148/644][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.internetbadguys.com vs api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.o][nDPI Fingerprint: 5e41fcea18fea298647440fe14083e28][TCP Fingerprint: 2_64_64240_565ad129ac37/Unknown][TLSv1.2][JA4: t13d1814h2_29a2cd9e9f10_d267a5f792d4][ServerNames: api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com][JA3S: 0c0aff9ccea5e7e1de5c3a0069d103f3][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com][Certificate SHA-1: 21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C][Firefox][Validity: 2018-04-26 00:00:00 - 2020-07-29 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0]
2 TCP 192.168.7.7:35236 <-> 67.215.92.210:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Malware/100][Breed: Acceptable][11 pkts/1280 bytes <-> 9 pkts/5860 bytes][Goodput ratio: 53/91][0.64 sec][Hostname/SNI: www.internetbadguys.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.641 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 71/75 240/249 99/103][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/651 571/1514 148/644][Risk: ** TLS Cert Mismatch **][Risk Score: 100][Risk Info: www.internetbadguys.com vs api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.o][nDPI Fingerprint: 5e41fcea18fea298647440fe14083e28][TCP Fingerprint: 2_64_64240_565ad129ac37/Unknown][TLSv1.2][JA4: t13d1814h2_29a2cd9e9f10_d267a5f792d4][ServerNames: api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com][JA3S: 0c0aff9ccea5e7e1de5c3a0069d103f3][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com][Certificate SHA-1: 21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C][Firefox][Validity: 2018-04-26 00:00:00 - 2020-07-29 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0]
3 TCP 192.168.7.7:48394 <-> 67.215.92.210:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Malware/100][Breed: Acceptable][1 pkts/383 bytes <-> 1 pkts/98 bytes][Goodput ratio: 86/44][0.21 sec][Hostname/SNI: www.internetbadguys.com][URL: www.internetbadguys.com/][User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 192.168.7.7:42370 <-> 1.1.1.1:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/106 bytes <-> 1 pkts/110 bytes][Goodput ratio: 60/61][0.02 sec][Hostname/SNI: www.internetbadguys.com][67.215.92.210][DNS Id: 0x0ba4][PLAIN TEXT (internetbadguys)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 ICMP 192.168.7.7:0 -> 144.139.247.220:0 [proto: 81/ICMP][Stack: ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Malware/100][Breed: Acceptable][1 pkts/98 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **** Client Contacted A Malware Host **][Risk Score: 170][Risk Info: Client contacted malware host / No server to client traffic / Entropy: 5.298 (Executable?)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

2
tests/cfgs/default/result/mongodb.pcap.out
View file

@ -27,8 +27,8 @@ Patricia protocols IPv6: 0/0 (search/found)
Unknown 3 230 1
MongoDB 24 2510 7
Acceptable 24 2510 7
Unrated 3 230 1
Acceptable 24 2510 7
Unspecified 3 230 1
Database 24 2510 7

5
tests/cfgs/default/result/ocsp.pcapng.out
View file

@ -24,11 +24,10 @@ OCSP 344 73647 10
Safe 344 73647 10
Web 23 10871 1
Network 321 62776 9
Network 344 73647 10
1 TCP 192.168.1.128:49034 <-> 23.12.96.145:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][Breed: Safe][24 pkts/3999 bytes <-> 22 pkts/8476 bytes][Goodput ratio: 29/69][117.30 sec][Hostname/SNI: ocsp.entrust.net][bytes ratio: -0.359 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5094/5187 10241/10241 4906/5058][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 167/385 505/1566 128/500][URL: ocsp.entrust.net/][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (BHPOST / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
2 TCP 192.168.1.227:49813 <-> 109.70.240.130:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][10 pkts/2245 bytes <-> 13 pkts/8626 bytes][Goodput ratio: 51/84][65.14 sec][Hostname/SNI: ocsp07.actalis.it][bytes ratio: -0.587 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/8 28/36 10/15][Pkt Len c2s/s2c min/avg/max/stddev: 112/112 224/664 491/1566 171/540][URL: ocsp07.actalis.it/VA/AUTH-ROOT/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D][StatusCode: 200][Content-Type: application/ocsp-response][Server: nginx][User-Agent: Microsoft-CryptoAPI/10.0][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GET /VA/AUTH)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,41,8,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
2 TCP 192.168.1.227:49813 <-> 109.70.240.130:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][Breed: Safe][10 pkts/2245 bytes <-> 13 pkts/8626 bytes][Goodput ratio: 51/84][65.14 sec][Hostname/SNI: ocsp07.actalis.it][bytes ratio: -0.587 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/8 28/36 10/15][Pkt Len c2s/s2c min/avg/max/stddev: 112/112 224/664 491/1566 171/540][URL: ocsp07.actalis.it/VA/AUTH-ROOT/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D][StatusCode: 200][Content-Type: application/ocsp-response][Server: nginx][User-Agent: Microsoft-CryptoAPI/10.0][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][PLAIN TEXT (GET /VA/AUTH)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,41,8,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
3 TCP 192.168.1.128:47904 <-> 93.184.220.29:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 288/Edgecast][ClearText][Confidence: DPI][FPC: 288/Edgecast, Confidence: IP address][DPI packets: 6][cat: Network/14][Breed: Safe][27 pkts/4355 bytes <-> 23 pkts/5119 bytes][Goodput ratio: 27/47][166.99 sec][Hostname/SNI: ocsp.digicert.com][bytes ratio: -0.081 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2/0 6194/7858 10240/10240 4838/4216][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 161/223 505/917 122/269][URL: ocsp.digicert.com/][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: ECS (mil/6CEA)][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (POST / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 192.168.1.128:54154 <-> 142.250.184.99:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Network/14][Breed: Safe][26 pkts/3864 bytes <-> 24 pkts/4244 bytes][Goodput ratio: 20/33][193.02 sec][Hostname/SNI: ocsp.pki.goog][bytes ratio: -0.047 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/7 7460/8270 10243/10242 4397/3814][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 149/177 512/820 105/194][URL: ocsp.pki.goog/gts1o1core][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: ocsp_responder][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (POST /gts)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 192.168.1.128:43728 <-> 92.122.95.235:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][Breed: Safe][19 pkts/3022 bytes <-> 17 pkts/3792 bytes][Goodput ratio: 26/47][123.97 sec][Hostname/SNI: r3.o.lencr.org][bytes ratio: -0.113 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 6898/7491 10244/10244 4464/4342][Pkt Len c2s/s2c min/avg/max/stddev: 118/118 159/223 504/1007 118/286][URL: r3.o.lencr.org/][StatusCode: 200][Req Content-Type: application/ocsp-request][Content-Type: application/ocsp-response][Server: nginx][User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (xPOST / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

2
tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out
View file

@ -29,9 +29,9 @@ Unknown 9 638 5
Blizzard 4 200 4
Protobuf 8 2487 1
Unrated 9 638 5
Safe 8 2487 1
Fun 4 200 4
Unrated 9 638 5
Unspecified 9 638 5
Game 4 200 4

13
tests/cfgs/default/result/pinterest.pcap.out
View file

@ -29,9 +29,10 @@ Google 328 150112 5
Pinterest 239 115791 9
GoogleServices 55 11104 1
Safe 205 91684 20
Acceptable 383 161216 6
Fun 323 193395 11
Safe 123 50643 18
Acceptable 322 131105 5
Fun 357 211361 12
Tracker_Ads 109 53186 2
Media 34 17966 1
Web 445 181748 23
@ -48,10 +49,10 @@ JA Host Stats:
3 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40694 <-> [2a00:1450:4007:816::2004]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Acceptable][43 pkts/11445 bytes <-> 64 pkts/36753 bytes][Goodput ratio: 68/85][1.89 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.525 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 53/28 960/963 172/136][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 266/574 1474/1294 372/530][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 3,17,4,4,0,3,4,1,3,1,4,0,1,1,0,0,1,0,1,0,1,3,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,35,0,0,0,0,0,4,0,0,0,0]
4 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43562 <-> [2a00:1450:4007:805::2003]:443 [proto: 91/TLS][Stack: TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Safe][17 pkts/1782 bytes <-> 33 pkts/34703 bytes][Goodput ratio: 18/92][0.20 sec][bytes ratio: -0.902 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/6 28/173 8/32][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 105/1052 244/1294 46/464][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,6,0,6,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,75,0,0,0,0,0,0,0,0,0,0]
5 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38546 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][Stack: TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: SocialNetwork/6][Breed: Fun][23 pkts/3137 bytes <-> 29 pkts/28329 bytes][Goodput ratio: 37/91][0.38 sec][Hostname/SNI: assets.pinterest.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.801 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/14 111/135 29/35][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 136/977 603/1474 118/629][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,3,7,3,3,0,0,3,7,0,0,0,0,0,0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,63,0,0,0,0]
6 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:45126 <-> [2a00:1450:4007:80a::200e]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Acceptable][26 pkts/3664 bytes <-> 35 pkts/26447 bytes][Goodput ratio: 39/89][0.43 sec][Hostname/SNI: www.google-analytics.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.757 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/6 157/112 39/22][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 141/756 603/1294 126/544][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,9,12,0,0,0,2,0,2,0,0,5,2,0,2,0,2,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,2,0,50,0,0,0,0,0,0,0,0,0,0]
7 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40114 <-> [64:ff9b::9765:7a6e]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Advertisement/101][Breed: Safe][22 pkts/2917 bytes <-> 26 pkts/20158 bytes][Goodput ratio: 35/89][0.13 sec][Hostname/SNI: js-agent.newrelic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/3 45/37 12/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 133/775 603/1134 119/476][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net][Certificate SHA-1: BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0][Chrome][Validity: 2020-10-23 11:03:25 - 2021-05-07 20:27:49][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,8,4,0,0,0,0,8,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,64,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:45126 <-> [2a00:1450:4007:80a::200e]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][26 pkts/3664 bytes <-> 35 pkts/26447 bytes][Goodput ratio: 39/89][0.43 sec][Hostname/SNI: www.google-analytics.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.757 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/6 157/112 39/22][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 141/756 603/1294 126/544][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 2,9,12,0,0,0,2,0,2,0,0,5,2,0,2,0,2,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,2,0,50,0,0,0,0,0,0,0,0,0,0]
7 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40114 <-> [64:ff9b::9765:7a6e]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Advertisement/101][Breed: Tracker_Ads][22 pkts/2917 bytes <-> 26 pkts/20158 bytes][Goodput ratio: 35/89][0.13 sec][Hostname/SNI: js-agent.newrelic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.747 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/3 45/37 12/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 133/775 603/1134 119/476][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net][Certificate SHA-1: BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0][Chrome][Validity: 2020-10-23 11:03:25 - 2021-05-07 20:27:49][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,8,8,4,0,0,0,0,8,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,64,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38512 <-> [2a04:4e42:1d::84]:443 [proto: 91.183/TLS.Pinterest][Stack: TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: SocialNetwork/6][Breed: Fun][18 pkts/4393 bytes <-> 21 pkts/18564 bytes][Goodput ratio: 65/90][0.12 sec][Hostname/SNI: s.pinimg.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.617 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/2 32/30 11/7][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 244/884 1040/1474 244/663][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,4,8,4,0,0,0,0,13,8,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,4,0,0,0,0,0,0,48,0,0,0,0]
9 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57050 <-> [2a04:4e42:1d::720]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Media/1][Breed: Safe][17 pkts/2547 bytes <-> 17 pkts/15419 bytes][Goodput ratio: 42/90][0.12 sec][Hostname/SNI: images.unsplash.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.716 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/5 50/32 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 150/907 603/1474 144/652][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,resources.intuitive.com,static.doorsuperstore.co.uk][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net][Certificate SHA-1: 1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6][Chrome][Validity: 2020-11-12 16:39:14 - 2021-07-07 17:15:51][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,12,6,0,0,0,0,6,0,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,57,0,0,0,0]
9 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57050 <-> [2a04:4e42:1d::720]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Media/1][Breed: Fun][17 pkts/2547 bytes <-> 17 pkts/15419 bytes][Goodput ratio: 42/90][0.12 sec][Hostname/SNI: images.unsplash.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.716 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/5 50/32 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 150/907 603/1474 144/652][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,resources.intuitive.com,static.doorsuperstore.co.uk][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3][Subject: C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net][Certificate SHA-1: 1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6][Chrome][Validity: 2020-11-12 16:39:14 - 2021-07-07 17:15:51][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,12,6,0,0,0,0,6,0,0,6,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,57,0,0,0,0]
10 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:33262 <-> [64:ff9b::9765:7854]:443 [proto: 91.183/TLS.Pinterest][Stack: TLS.Pinterest][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: SocialNetwork/6][Breed: Fun][15 pkts/2410 bytes <-> 20 pkts/12882 bytes][Goodput ratio: 46/87][0.32 sec][Hostname/SNI: www.pinterest.fr][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.685 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/16 41/172 12/42][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 161/644 603/1134 150/483][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com][Certificate SHA-1: 1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E][Chrome][Validity: 2020-07-16 00:00:00 - 2021-08-04 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,5,15,5,0,0,0,0,5,0,0,5,0,0,5,0,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,48,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
11 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47032 <-> [2600:1901:0:7a0b::]:443 [proto: 91/TLS][Stack: TLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Safe][20 pkts/3545 bytes <-> 21 pkts/7861 bytes][Goodput ratio: 51/77][0.52 sec][Hostname/SNI: sessions.bugsnag.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.378 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 26/24 224/174 60/46][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 177/374 603/1294 164/464][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 10,15,15,10,5,0,0,0,5,0,0,5,0,0,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0]
12 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47790 <-> [2a00:1450:4007:816::200a]:443 [proto: 91.239/TLS.GoogleServices][Stack: TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Acceptable][25 pkts/3823 bytes <-> 30 pkts/7281 bytes][Goodput ratio: 44/64][17.42 sec][Hostname/SNI: content-autofill.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.311 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 825/437 8675/8670 2387/1742][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 153/243 603/1294 123/316][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 6,32,21,3,10,3,0,0,0,0,0,3,3,0,0,3,3,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]

4
tests/cfgs/default/result/pop3_stls.pcap.out
View file

@ -22,7 +22,7 @@ Patricia protocols IPv6: 0/0 (search/found)
POPS 53 11189 1
Safe 53 11189 1
Unsafe 53 11189 1
Email 53 11189 1
@ -31,4 +31,4 @@ JA Host Stats:
1 192.168.20.18 1
1 TCP 192.168.20.18:50583 <-> 72.249.41.52:110 [proto: 23/POPS][Stack: POP3.POPS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 18][cat: Email/3][Breed: Safe][23 pkts/2059 bytes <-> 30 pkts/9130 bytes][Goodput ratio: 39/82][5.43 sec][Hostname/SNI: pop.lavabit.com][bytes ratio: -0.632 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/0 273/202 2072/2002 508/432][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90/304 368/1514 69/480][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **** Unsafe Protocol **][Risk Score: 210][Risk Info: Cipher TLS_RSA_WITH_RC4_128_SHA / TLSv1][nDPI Fingerprint: 6b611659578fc997ac226df2a31a9c88][TCP Fingerprint: 2_128_8192_4697958db063/Windows][TLSv1][JA4: t10d360400_77f462745360_a875e5012fde][ServerNames: *.lavabit.com,lavabit.com][JA3S: 6b96cf9c27b0223177b0e9f135fe4899][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certificates.godaddy.com/repository, CN=Go Daddy Secure Certification Authority][Subject: O=*.lavabit.com, OU=Domain Control Validated, CN=*.lavabit.com][Certificate SHA-1: 1D:14:60:3D:5E:0F:A2:EB:61:C5:27:F8:A4:26:80:B3:E5:BB:A2:B2][Validity: 2012-02-17 04:07:46 - 2017-02-17 04:07:46][Cipher: TLS_RSA_WITH_RC4_128_SHA][PLAIN TEXT (ERR Unrecognized command.)][Plen Bins: 34,37,2,2,2,5,0,2,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
1 TCP 192.168.20.18:50583 <-> 72.249.41.52:110 [proto: 23/POPS][Stack: POP3.POPS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 18][cat: Email/3][Breed: Unsafe][23 pkts/2059 bytes <-> 30 pkts/9130 bytes][Goodput ratio: 39/82][5.43 sec][Hostname/SNI: pop.lavabit.com][bytes ratio: -0.632 (Download)][IAT c2s/s2c min/avg/max/stddev: 6/0 273/202 2072/2002 508/432][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 90/304 368/1514 69/480][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **** Unsafe Protocol **][Risk Score: 210][Risk Info: Cipher TLS_RSA_WITH_RC4_128_SHA / TLSv1][nDPI Fingerprint: 6b611659578fc997ac226df2a31a9c88][TCP Fingerprint: 2_128_8192_4697958db063/Windows][TLSv1][JA4: t10d360400_77f462745360_a875e5012fde][ServerNames: *.lavabit.com,lavabit.com][JA3S: 6b96cf9c27b0223177b0e9f135fe4899][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certificates.godaddy.com/repository, CN=Go Daddy Secure Certification Authority][Subject: O=*.lavabit.com, OU=Domain Control Validated, CN=*.lavabit.com][Certificate SHA-1: 1D:14:60:3D:5E:0F:A2:EB:61:C5:27:F8:A4:26:80:B3:E5:BB:A2:B2][Validity: 2012-02-17 04:07:46 - 2017-02-17 04:07:46][Cipher: TLS_RSA_WITH_RC4_128_SHA][PLAIN TEXT (ERR Unrecognized command.)][Plen Bins: 34,37,2,2,2,5,0,2,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]

41
tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
View file

@ -30,8 +30,9 @@ GoogleServices 71 98832 25
WhatsAppFiles 1 1392 1
Safe 3 4176 3
Acceptable 154 214368 88
Fun 22 30624 22
Acceptable 137 190704 72
Fun 21 29232 21
Tracker_Ads 18 25056 17
Media 21 29232 21
Web 124 172608 59
@ -76,7 +77,7 @@ JA Host Stats:
22 UDP 168.144.64.5:51053 -> 241.138.147.133:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: content-autofill.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
23 UDP 168.144.64.5:53431 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.07 sec][Hostname/SNI: fonts.gstatic.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
24 UDP 168.144.64.5:55376 -> 212.22.246.243:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.33 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][PLAIN TEXT (aUOvTUU)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
25 UDP 168.144.64.5:59827 -> 37.47.218.224:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: www.googleadservices.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
25 UDP 168.144.64.5:59827 -> 37.47.218.224:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: www.googleadservices.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
26 UDP 168.144.64.5:62719 -> 31.219.210.96:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: lh4.googleusercontent.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
27 UDP 168.144.64.5:64964 -> 133.202.76.105:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
28 UDP 192.168.254.11:35124 -> 168.78.153.39:443 [proto: 188/QUIC][Stack: QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.29 sec][Hostname/SNI: s-img.adskeeper.co.uk][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
@ -85,7 +86,7 @@ JA Host Stats:
31 UDP 159.117.176.124:51856 -> 16.205.123.234:443 [proto: 188.242/QUIC.WhatsAppFiles][Stack: QUIC.WhatsAppFiles][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.242/QUIC.WhatsAppFiles, Confidence: DPI][DPI packets: 1][cat: Download/7][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: media.fmct2-1.fna.whatsapp.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
32 UDP 168.144.64.5:49153 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][Stack: QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.196/QUIC.DoH_DoT, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
33 UDP 168.144.64.5:49217 -> 185.186.183.185:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: safebrowsing.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
34 UDP 168.144.64.5:49324 -> 35.194.157.47:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
34 UDP 168.144.64.5:49324 -> 35.194.157.47:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
35 UDP 168.144.64.5:49860 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
36 UDP 168.144.64.5:49926 -> 103.179.40.184:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r5---sn-vh5ouxa-hju6.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
37 UDP 168.144.64.5:50023 -> 76.231.104.92:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][PLAIN TEXT (TJdZNR)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
@ -98,7 +99,7 @@ JA Host Stats:
44 UDP 168.144.64.5:51296 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
45 UDP 168.144.64.5:51456 -> 102.194.207.179:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
46 UDP 168.144.64.5:52273 -> 244.214.160.219:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r3---sn-vh5ouxa-hju6.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
47 UDP 168.144.64.5:52387 -> 143.52.137.18:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
47 UDP 168.144.64.5:52387 -> 143.52.137.18:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
48 UDP 168.144.64.5:52396 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][Stack: QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.196/QUIC.DoH_DoT, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
49 UDP 168.144.64.5:52942 -> 93.100.151.221:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clients2.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
50 UDP 168.144.64.5:53127 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][PLAIN TEXT (R/maht)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
@ -108,44 +109,44 @@ JA Host Stats:
54 UDP 168.144.64.5:54449 -> 102.194.207.179:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons3.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
55 UDP 168.144.64.5:55066 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: fonts.gstatic.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
56 UDP 168.144.64.5:55479 -> 113.250.137.243:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
57 UDP 168.144.64.5:55561 -> 35.194.157.47:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
58 UDP 168.144.64.5:55572 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
57 UDP 168.144.64.5:55561 -> 35.194.157.47:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
58 UDP 168.144.64.5:55572 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
59 UDP 168.144.64.5:55637 -> 169.81.163.225:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r3---sn-hju7enel.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
60 UDP 168.144.64.5:55844 -> 112.1.105.138:443 [proto: 188.228/QUIC.PlayStore][Stack: QUIC.PlayStore][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.228/QUIC.PlayStore, Confidence: DPI][DPI packets: 1][cat: SoftwareUpdate/19][Breed: Safe][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: android.clients.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
61 UDP 168.144.64.5:56384 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
61 UDP 168.144.64.5:56384 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
62 UDP 168.144.64.5:56425 -> 125.136.204.4:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r1---sn-vh5ouxa-hjuk.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
63 UDP 168.144.64.5:56488 -> 177.86.46.206:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
64 UDP 168.144.64.5:56683 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
65 UDP 168.144.64.5:56844 -> 113.250.137.243:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Cloud/13][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: b1.nel.goog][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
66 UDP 168.144.64.5:57319 -> 7.71.118.27:443 [proto: 188.228/QUIC.PlayStore][Stack: QUIC.PlayStore][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.228/QUIC.PlayStore, Confidence: DPI][DPI packets: 1][cat: SoftwareUpdate/19][Breed: Safe][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: android.clients.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
67 UDP 168.144.64.5:57398 -> 137.238.249.2:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.googleadservices.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
67 UDP 168.144.64.5:57398 -> 137.238.249.2:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.googleadservices.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
68 UDP 168.144.64.5:57565 -> 217.254.108.174:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r2---sn-vh5ouxa-hjuk.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
69 UDP 168.144.64.5:57735 -> 137.238.249.2:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: ade.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
69 UDP 168.144.64.5:57735 -> 137.238.249.2:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: ade.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
70 UDP 168.144.64.5:57767 -> 76.83.40.87:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r11---sn-vh5ouxa-hjuk.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
71 UDP 168.144.64.5:58414 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][Stack: QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.196/QUIC.DoH_DoT, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][PLAIN TEXT (rAnq62)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
72 UDP 168.144.64.5:58429 -> 38.57.8.121:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: static.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
72 UDP 168.144.64.5:58429 -> 38.57.8.121:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: static.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
73 UDP 168.144.64.5:58703 -> 93.100.151.221:443 [proto: 188.228/QUIC.PlayStore][Stack: QUIC.PlayStore][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.228/QUIC.PlayStore, Confidence: DPI][DPI packets: 1][cat: SoftwareUpdate/19][Breed: Safe][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: android.clients.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
74 UDP 168.144.64.5:58832 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
74 UDP 168.144.64.5:58832 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
75 UDP 168.144.64.5:58956 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
76 UDP 168.144.64.5:59206 -> 76.231.104.92:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: ogs.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
77 UDP 168.144.64.5:59327 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][Stack: QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.196/QUIC.DoH_DoT, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
78 UDP 168.144.64.5:59622 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][Stack: QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.196/QUIC.DoH_DoT, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
79 UDP 168.144.64.5:59680 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][PLAIN TEXT (xqgfA/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
79 UDP 168.144.64.5:59680 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][PLAIN TEXT (xqgfA/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
80 UDP 168.144.64.5:59785 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
81 UDP 168.144.64.5:59965 -> 22.12.150.194:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r1---sn-vh5ouxa-hju6.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
82 UDP 168.144.64.5:60342 -> 93.100.151.221:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: suggestqueries-clients6.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
83 UDP 168.144.64.5:60551 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
84 UDP 168.144.64.5:60809 -> 9.65.169.252:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: suggestqueries-clients6.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][PLAIN TEXT (XDlJUg)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
85 UDP 168.144.64.5:60896 -> 45.228.175.189:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
86 UDP 168.144.64.5:60919 -> 53.101.228.200:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
86 UDP 168.144.64.5:60919 -> 53.101.228.200:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
87 UDP 168.144.64.5:60934 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
88 UDP 168.144.64.5:60936 -> 9.65.169.252:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: suggestqueries-clients6.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
89 UDP 168.144.64.5:60949 -> 185.186.183.185:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: content-autofill.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
90 UDP 168.144.64.5:61209 -> 35.194.157.47:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.googleadservices.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
90 UDP 168.144.64.5:61209 -> 35.194.157.47:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.googleadservices.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
91 UDP 168.144.64.5:61341 -> 16.232.218.117:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r9---sn-vh5ouxa-hjuk.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
92 UDP 168.144.64.5:61886 -> 65.33.51.74:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
92 UDP 168.144.64.5:61886 -> 65.33.51.74:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
93 UDP 168.144.64.5:62047 -> 136.125.67.96:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons4.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
94 UDP 168.144.64.5:62652 -> 158.146.215.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: static.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
94 UDP 168.144.64.5:62652 -> 158.146.215.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: static.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
95 UDP 168.144.64.5:62818 -> 113.250.137.243:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
96 UDP 168.144.64.5:63136 -> 9.65.169.252:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: suggestqueries-clients6.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
97 UDP 168.144.64.5:63163 -> 113.250.137.243:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: update.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
@ -156,12 +157,12 @@ JA Host Stats:
102 UDP 168.144.64.5:64700 -> 16.232.218.117:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r9---sn-vh5ouxa-hjuk.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][PLAIN TEXT (gjom@g)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
103 UDP 168.144.64.5:64976 -> 220.80.126.73:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r1---sn-hju7enel.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
104 UDP 168.144.64.5:65186 -> 9.65.169.252:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
105 UDP 168.144.64.5:65360 -> 65.33.51.74:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
105 UDP 168.144.64.5:65360 -> 65.33.51.74:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: googleads.g.doubleclick.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 8ee19caff6ed6a63a52b5c2ae145a32a][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h9_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
106 UDP 168.144.64.5:65391 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: fonts.gstatic.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
107 UDP 192.168.254.11:38331 -> 93.100.151.221:443 [proto: 188.46/QUIC.DataSaver][Stack: QUIC.DataSaver][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.46/QUIC.DataSaver, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Fun][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: litepages.googlezip.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
107 UDP 192.168.254.11:38331 -> 93.100.151.221:443 [proto: 188.46/QUIC.DataSaver][Stack: QUIC.DataSaver][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.46/QUIC.DataSaver, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: litepages.googlezip.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
108 UDP 192.168.254.11:43427 -> 98.251.203.81:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: optimizationguide-pa.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
109 UDP 192.168.254.11:45652 -> 170.196.90.126:443 [proto: 188.239/QUIC.GoogleServices][Stack: QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: content-autofill.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
110 UDP 192.168.254.11:49689 -> 87.179.155.149:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
111 UDP 192.168.254.11:51075 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
111 UDP 192.168.254.11:51075 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
112 UDP 192.168.254.11:54692 -> 171.182.169.23:443 [proto: 188/QUIC][Stack: QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.freearabianporn.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
113 UDP 192.168.254.11:59048 -> 251.236.18.198:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Acceptable][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: 57f97f4b3f1b37f4309b52893e79db19][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h9_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]

28
tests/cfgs/default/result/quickplay.pcap.out
View file

@ -26,8 +26,8 @@ Facebook 6 1740 3
Google 2 378 1
Xiaomi 2 1469 1
Acceptable 137 98026 13
Fun 18 6521 8
Acceptable 2 378 1
Fun 153 104169 20
Web 2 1469 1
SocialNetwork 6 1740 3
@ -36,17 +36,17 @@ Chat 3 1337 1
Streaming 133 96179 11
ConnCheck 2 378 1
1 TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 9][cat: Streaming/17][Breed: Acceptable][35 pkts/17902 bytes <-> 30 pkts/28000 bytes][Goodput ratio: 89/94][101.50 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][bytes ratio: -0.220 (Download)][IAT c2s/s2c min/avg/max/stddev: 182/2021 3144/2862 23289/5776 4036/929][Pkt Len c2s/s2c min/avg/max/stddev: 500/76 511/933 587/1456 27/494][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV250R240/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV250R240-0023.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 3,0,0,3,1,1,0,0,0,1,0,0,0,49,1,1,7,0,1,0,0,0,0,0,3,0,0,0,3,1,0,0,0,1,1,0,3,3,0,0,0,0,0,13,0,0,0,0]
2 TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 9][cat: Streaming/17][Breed: Acceptable][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Goodput ratio: 89/95][109.64 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 1066/2163 7709/7600 23311/23043 9303/8905][Pkt Len c2s/s2c min/avg/max/stddev: 502/652 502/1143 502/1456 0/288][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0058.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,56,0,0,0,0,4,0,0,0,0,8,0,0,4,0,0,0,0,0,0,0,4,4,0,0,0,4,0,4,0,12,0,0,0,0]
3 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 8][cat: Streaming/17][Breed: Acceptable][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Goodput ratio: 89/95][53.74 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][bytes ratio: -0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2521/3055 13434/13894 23447/24732 10022/10838][Pkt Len c2s/s2c min/avg/max/stddev: 502/822 502/1174 502/1456 0/264][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,63,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,12,0,0,0,0]
4 TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 7][cat: Streaming/17][Breed: Acceptable][4 pkts/2008 bytes <-> 3 pkts/3040 bytes][Goodput ratio: 89/94][28.60 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][bytes ratio: -0.204 (Download)][IAT c2s/s2c min/avg/max/stddev: 2241/2426 9534/3315 23958/4204 10200/889][Pkt Len c2s/s2c min/avg/max/stddev: 502/128 502/1013 502/1456 0/626][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0055.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 0,0,14,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0]
5 TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 7][cat: Streaming/17][Breed: Acceptable][4 pkts/2008 bytes <-> 3 pkts/2276 bytes][Goodput ratio: 89/93][10.17 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][bytes ratio: -0.063 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3284/3295 3390/3322 3535/3349 106/27][Pkt Len c2s/s2c min/avg/max/stddev: 502/188 502/759 502/1456 0/525][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0071.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 0,0,0,0,14,0,0,0,0,0,0,0,0,57,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0]
6 TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Acceptable][2 pkts/844 bytes <-> 2 pkts/2836 bytes][Goodput ratio: 87/96][9.29 sec][Hostname/SNI: api-singtelhawk.quickplay.com][URL: api-singtelhawk.quickplay.com/solr/RestApiSingTel_PH/restapi/categories/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50][StatusCode: 200][Content-Type: application/json][Server: Apache-Coyote/1.1][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /solr/RestApiSingTel)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,25,0,0,0,0]
7 TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Acceptable][2 pkts/733 bytes <-> 2 pkts/2627 bytes][Goodput ratio: 85/96][9.24 sec][Hostname/SNI: api-singtelhawk.quickplay.com][URL: api-singtelhawk.quickplay.com/solr/RestApiSingTel_PH/restapi/categories/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50][StatusCode: 200][Content-Type: application/json][Server: Apache-Coyote/1.1][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /solr/RestApiSingTel)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0]
8 TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 4][cat: Streaming/17][Breed: Acceptable][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Goodput ratio: 89/95][27.01 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0068.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0]
9 TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 4][cat: Streaming/17][Breed: Acceptable][3 pkts/1583 bytes <-> 1 pkts/1152 bytes][Goodput ratio: 89/95][2.46 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV80R192/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0002.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 3][cat: Streaming/17][Breed: Acceptable][2 pkts/1086 bytes <-> 1 pkts/1225 bytes][Goodput ratio: 90/95][0.64 sec][Hostname/SNI: play-singtelhawk.quickplay.com][URL: play-singtelhawk.quickplay.com/vstb/playlist_5_6241_357.m3u8?action=145&appId=5006&carrierId=23&appVersion=1.0&contentId=6241&contentTypeId=3&deviceName=androidmobile&encodingId=357&drmId=4&drmVersion=1.5&delivery=5&prefLanguage=eng&webvtt=true&userid=091][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /vstb/playlist)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0]
11 TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.287/HTTP.Xiaomi][Stack: HTTP.Xiaomi][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7.287/HTTP.Xiaomi, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/638 bytes <-> 1 pkts/831 bytes][Goodput ratio: 91/93][0.32 sec][Hostname/SNI: api.account.xiaomi.com][URL: api.account.xiaomi.com/pass/v2/safe/user/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][Content-Type: application/json][Server: Tengine/2.0.1][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /pass/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 9][cat: Streaming/17][Breed: Fun][35 pkts/17902 bytes <-> 30 pkts/28000 bytes][Goodput ratio: 89/94][101.50 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][bytes ratio: -0.220 (Download)][IAT c2s/s2c min/avg/max/stddev: 182/2021 3144/2862 23289/5776 4036/929][Pkt Len c2s/s2c min/avg/max/stddev: 500/76 511/933 587/1456 27/494][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV250R240/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV250R240-0023.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 3,0,0,3,1,1,0,0,0,1,0,0,0,49,1,1,7,0,1,0,0,0,0,0,3,0,0,0,3,1,0,0,0,1,1,0,3,3,0,0,0,0,0,13,0,0,0,0]
2 TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 9][cat: Streaming/17][Breed: Fun][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Goodput ratio: 89/95][109.64 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 1066/2163 7709/7600 23311/23043 9303/8905][Pkt Len c2s/s2c min/avg/max/stddev: 502/652 502/1143 502/1456 0/288][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0058.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,56,0,0,0,0,4,0,0,0,0,8,0,0,4,0,0,0,0,0,0,0,4,4,0,0,0,4,0,4,0,12,0,0,0,0]
3 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 8][cat: Streaming/17][Breed: Fun][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Goodput ratio: 89/95][53.74 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][bytes ratio: -0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2521/3055 13434/13894 23447/24732 10022/10838][Pkt Len c2s/s2c min/avg/max/stddev: 502/822 502/1174 502/1456 0/264][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,63,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,12,0,0,0,0]
4 TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 7][cat: Streaming/17][Breed: Fun][4 pkts/2008 bytes <-> 3 pkts/3040 bytes][Goodput ratio: 89/94][28.60 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][bytes ratio: -0.204 (Download)][IAT c2s/s2c min/avg/max/stddev: 2241/2426 9534/3315 23958/4204 10200/889][Pkt Len c2s/s2c min/avg/max/stddev: 502/128 502/1013 502/1456 0/626][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0055.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 0,0,14,0,0,0,0,0,0,0,0,0,0,57,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0]
5 TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 7][cat: Streaming/17][Breed: Fun][4 pkts/2008 bytes <-> 3 pkts/2276 bytes][Goodput ratio: 89/93][10.17 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][bytes ratio: -0.063 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3284/3295 3390/3322 3535/3349 106/27][Pkt Len c2s/s2c min/avg/max/stddev: 502/188 502/759 502/1456 0/525][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0071.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 0,0,0,0,14,0,0,0,0,0,0,0,0,57,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0]
6 TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][2 pkts/844 bytes <-> 2 pkts/2836 bytes][Goodput ratio: 87/96][9.29 sec][Hostname/SNI: api-singtelhawk.quickplay.com][URL: api-singtelhawk.quickplay.com/solr/RestApiSingTel_PH/restapi/categories/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50][StatusCode: 200][Content-Type: application/json][Server: Apache-Coyote/1.1][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /solr/RestApiSingTel)][Plen Bins: 0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,25,0,0,0,0]
7 TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][2 pkts/733 bytes <-> 2 pkts/2627 bytes][Goodput ratio: 85/96][9.24 sec][Hostname/SNI: api-singtelhawk.quickplay.com][URL: api-singtelhawk.quickplay.com/solr/RestApiSingTel_PH/restapi/categories/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50][StatusCode: 200][Content-Type: application/json][Server: Apache-Coyote/1.1][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /solr/RestApiSingTel)][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0]
8 TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 4][cat: Streaming/17][Breed: Fun][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Goodput ratio: 89/95][27.01 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV510R360/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0068.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0]
9 TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 4][cat: Streaming/17][Breed: Fun][3 pkts/1583 bytes <-> 1 pkts/1152 bytes][Goodput ratio: 89/95][2.46 sec][Hostname/SNI: vod-singtelhawk.quickplay.com][URL: vod-singtelhawk.quickplay.com/seg/vol1/s/Warner/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192/2015-02-02/STV80R192/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0002.ts][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0]
10 TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 3][cat: Streaming/17][Breed: Fun][2 pkts/1086 bytes <-> 1 pkts/1225 bytes][Goodput ratio: 90/95][0.64 sec][Hostname/SNI: play-singtelhawk.quickplay.com][URL: play-singtelhawk.quickplay.com/vstb/playlist_5_6241_357.m3u8?action=145&appId=5006&carrierId=23&appVersion=1.0&contentId=6241&contentTypeId=3&deviceName=androidmobile&encodingId=357&drmId=4&drmVersion=1.5&delivery=5&prefLanguage=eng&webvtt=true&userid=091][User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; MI 3W Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36][PLAIN TEXT (GET /vstb/playlist)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0]
11 TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.287/HTTP.Xiaomi][Stack: HTTP.Xiaomi][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7.287/HTTP.Xiaomi, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Fun][1 pkts/638 bytes <-> 1 pkts/831 bytes][Goodput ratio: 91/93][0.32 sec][Hostname/SNI: api.account.xiaomi.com][URL: api.account.xiaomi.com/pass/v2/safe/user/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][Content-Type: application/json][Server: Tengine/2.0.1][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /pass/v)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
12 TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 131.48/HTTP_Proxy.QQ][Stack: HTTP_Proxy.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 131.48/HTTP_Proxy.QQ, Confidence: DPI][DPI packets: 3][cat: Chat/9][Breed: Fun][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Goodput ratio: 91/61][2.08 sec][Hostname/SNI: hkextshort.weixin.qq.com][URL: http://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/mmsnssync][Req Content-Type: application/octet-stream][User-Agent: MicroMessenger Client][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 8080,3128][PLAIN TEXT (POST http)][Plen Bins: 0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 131.48/HTTP_Proxy.QQ][Stack: HTTP_Proxy.QQ][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 131.48/HTTP_Proxy.QQ, Confidence: DPI][DPI packets: 2][cat: Download/7][Breed: Fun][1 pkts/461 bytes <-> 2 pkts/522 bytes][Goodput ratio: 88/78][2.81 sec][Hostname/SNI: hkextshort.weixin.qq.com][URL: http://hkextshort.weixin.qq.com/cgi-bin/micromsg-bin/getcontactlabellist][StatusCode: 200][Req Content-Type: application/octet-stream][Content-Type: application/octet-stream][User-Agent: MicroMessenger Client][Filename: micromsgresp.dat][Risk: ** Known Proto on Non Std Port **** Binary File/Data Transfer (Attempt) **][Risk Score: 100][Risk Info: Found binary mime octet-stream / Expected on port 8080,3128][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 131.48/HTTP_Proxy.QQ][Stack: HTTP_Proxy.QQ][IP: 285/Tencent][ClearText][Confidence: DPI][FPC: 131.48/HTTP_Proxy.QQ, Confidence: DPI][DPI packets: 2][cat: Download/7][Breed: Fun][1 pkts/681 bytes <-> 1 pkts/262 bytes][Goodput ratio: 92/78][0.14 sec][Hostname/SNI: hkminorshort.weixin.qq.com][URL: http://hkminorshort.weixin.qq.com/cgi-bin/micromsg-bin/rtkvreport][StatusCode: 200][Req Content-Type: application/octet-stream][Content-Type: application/octet-stream][User-Agent: MicroMessenger Client][Filename: micromsgresp.dat][Risk: ** Known Proto on Non Std Port **** Binary File/Data Transfer (Attempt) **][Risk Score: 100][Risk Info: Found binary mime octet-stream / Expected on port 8080,3128][PLAIN TEXT (POST http)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -55,5 +55,5 @@ ConnCheck 2 378 1
17 TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][Stack: HTTP.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 7.119/HTTP.Facebook, Confidence: DPI][DPI packets: 2][cat: SocialNetwork/6][Breed: Fun][1 pkts/243 bytes <-> 1 pkts/339 bytes][Goodput ratio: 77/83][0.46 sec][Hostname/SNI: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
18 TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][Stack: HTTP.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 7.119/HTTP.Facebook, Confidence: DPI][DPI packets: 2][cat: SocialNetwork/6][Breed: Fun][1 pkts/243 bytes <-> 1 pkts/339 bytes][Goodput ratio: 77/83][0.46 sec][Hostname/SNI: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
19 TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][Stack: HTTP.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][FPC: 7.119/HTTP.Facebook, Confidence: DPI][DPI packets: 2][cat: SocialNetwork/6][Breed: Fun][1 pkts/237 bytes <-> 1 pkts/339 bytes][Goodput ratio: 76/83][0.34 sec][Hostname/SNI: www.facebook.com][URL: www.facebook.com/mobile/status.php][StatusCode: 204][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; GT-I9505 Build/KOT49H)][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
20 TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Acceptable][1 pkts/358 bytes <-> 1 pkts/109 bytes][Goodput ratio: 84/48][0.31 sec][Hostname/SNI: api-singtelhawk.quickplay.com][URL: api-singtelhawk.quickplay.com/solr/RestApiSingTel_PH/restapi/home?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /solr/RestApiSingTel)][Plen Bins: 0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
20 TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][1 pkts/358 bytes <-> 1 pkts/109 bytes][Goodput ratio: 84/48][0.31 sec][Hostname/SNI: api-singtelhawk.quickplay.com][URL: api-singtelhawk.quickplay.com/solr/RestApiSingTel_PH/restapi/home?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /solr/RestApiSingTel)][Plen Bins: 0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
21 TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: ConnCheck/30][Breed: Acceptable][1 pkts/241 bytes <-> 1 pkts/137 bytes][Goodput ratio: 76/59][0.06 sec][Hostname/SNI: clients3.google.com][URL: clients3.google.com/generate_204][StatusCode: 204][Server: GFE/2.0][User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI/V6.4.2.0.KXDMICB)][PLAIN TEXT (GET /generate)][Plen Bins: 0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

2
tests/cfgs/default/result/raknet.pcap.out
View file

@ -24,8 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found)
Unknown 2 314 2
RakNet 64 9286 10
Fun 64 9286 10
Unrated 2 314 2
Fun 64 9286 10
Unspecified 2 314 2
Game 64 9286 10

31
tests/cfgs/default/result/reddit.pcap.out
View file

@ -30,9 +30,10 @@ Google 567 201496 19
Reddit 522 181584 20
GoogleServices 340 129444 5
Safe 302 130585 10
Acceptable 907 330940 24
Safe 175 62439 7
Acceptable 583 220267 14
Fun 733 252471 26
Tracker_Ads 451 178819 13
Media 103 37264 3
Web 758 282706 21
@ -46,8 +47,8 @@ JA Host Stats:
1 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:50960 <-> [2a00:1450:4007:805::2002]:443 [proto: 91.239/TLS.GoogleServices][Stack: TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Acceptable][63 pkts/9382 bytes <-> 101 pkts/50108 bytes][Goodput ratio: 42/83][11.54 sec][Hostname/SNI: www.googletagservices.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.685 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 175/97 3298/3291 595/448][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 149/496 1254/2419 170/528][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,27,7,4,3,9,1,3,4,0,0,1,1,0,1,2,1,0,1,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,1,24,0,0,0,0,0,0,0,0,0,1]
2 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56594 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: SocialNetwork/6][Breed: Fun][56 pkts/6579 bytes <-> 56 pkts/43995 bytes][Goodput ratio: 27/89][10.00 sec][Hostname/SNI: b.thumbs.redditmedia.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.740 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 223/78 6000/1288 917/258][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 117/786 603/1134 85/450][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.thumbs.redditmedia.com,thumbs.redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com][Certificate SHA-1: FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75][Chrome][Validity: 2020-02-18 00:00:00 - 2021-05-14 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,1,15,3,0,0,0,0,3,0,1,0,0,1,3,0,1,3,0,1,0,0,0,0,0,0,0,0,0,1,1,0,63,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43492 <-> [64:ff9b::df9:21c6]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Safe][32 pkts/4130 bytes <-> 41 pkts/43404 bytes][Goodput ratio: 33/92][3.33 sec][Hostname/SNI: c.amazon-adsystem.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.826 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 124/83 2442/2482 493/425][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 129/1059 603/2862 111/716][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,0,7,2,2,0,0,2,2,5,2,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,5]
4 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36964 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Acceptable][32 pkts/4373 bytes <-> 53 pkts/40038 bytes][Goodput ratio: 37/89][0.36 sec][Hostname/SNI: tpc.googlesyndication.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 45/138 11/21][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 137/755 603/2556 117/617][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 3,8,3,0,8,3,1,6,1,3,1,0,1,1,1,0,1,0,1,0,0,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,41,0,0,0,0,0,0,0,0,0,3]
3 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43492 <-> [64:ff9b::df9:21c6]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][32 pkts/4130 bytes <-> 41 pkts/43404 bytes][Goodput ratio: 33/92][3.33 sec][Hostname/SNI: c.amazon-adsystem.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.826 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 124/83 2442/2482 493/425][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 129/1059 603/2862 111/716][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,0,7,2,2,0,0,2,2,5,2,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,5]
4 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36964 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][32 pkts/4373 bytes <-> 53 pkts/40038 bytes][Goodput ratio: 37/89][0.36 sec][Hostname/SNI: tpc.googlesyndication.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.803 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 45/138 11/21][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 137/755 603/2556 117/617][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 3,8,3,0,8,3,1,6,1,3,1,0,1,1,1,0,1,0,1,0,0,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,41,0,0,0,0,0,0,0,0,0,3]
5 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39520 <-> [2a00:1450:4007:816::2008]:443 [proto: 91.239/TLS.GoogleServices][Stack: TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Acceptable][33 pkts/3852 bytes <-> 36 pkts/38105 bytes][Goodput ratio: 26/92][0.21 sec][Hostname/SNI: www.googletagmanager.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.816 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 43/38 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 117/1058 603/2502 99/724][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 8,2,5,0,0,0,0,0,2,0,0,0,0,0,5,0,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,54,0,0,0,0,0,0,0,0,0,14]
6 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58122 <-> [2a00:1450:4007:805::2001]:443 [proto: 91.124/TLS.YouTube][Stack: TLS.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Media/1][Breed: Fun][34 pkts/4406 bytes <-> 37 pkts/20521 bytes][Goodput ratio: 33/84][9.61 sec][Hostname/SNI: yt3.ggpht.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.646 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 352/8 9266/68 1748/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 130/555 603/1294 104/520][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 5,17,5,17,0,0,0,0,2,0,2,0,2,2,0,2,5,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0]
7 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:48648 <-> [2620:116:800d:21:f916:5049:f87f:108e]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][Breed: Safe][22 pkts/3573 bytes <-> 22 pkts/14972 bytes][Goodput ratio: 47/87][0.65 sec][Hostname/SNI: secure.quantserve.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.615 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/11 94/78 32/20][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 162/681 603/1474 142/625][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com][JA3S: b898351eb5e266aefd3723d466935494][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com][Certificate SHA-1: 3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90][Chrome][Validity: 2020-10-02 00:00:00 - 2021-10-07 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,9,4,9,0,0,0,0,14,0,0,4,4,0,0,0,4,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0]
@ -57,25 +58,25 @@ JA Host Stats:
11 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40028 <-> [2a00:1450:4007:80a::200a]:443 [proto: 91.239/TLS.GoogleServices][Stack: TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Acceptable][25 pkts/5078 bytes <-> 28 pkts/7828 bytes][Goodput ratio: 57/69][14.15 sec][Hostname/SNI: safebrowsing.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.213 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/634 75/13857 21/2886][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 203/280 910/1294 240/323][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 7,27,15,3,0,0,3,0,0,11,3,0,0,0,0,3,3,0,3,7,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]
12 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56782 <-> [64:ff9b::68f4:2ac8]:443 [proto: 91.120/TLS.Twitter][Stack: TLS.Twitter][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: SocialNetwork/6][Breed: Fun][23 pkts/5030 bytes <-> 22 pkts/7292 bytes][Goodput ratio: 61/74][4.33 sec][Hostname/SNI: syndication.twitter.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.184 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 216/228 2512/2545 565/587][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 219/331 854/1474 227/405][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com][Certificate SHA-1: 09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F][Chrome][Validity: 2020-01-02 00:00:00 - 2020-12-24 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,15,0,20,0,0,4,4,4,15,0,0,4,0,4,0,4,0,0,0,4,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0]
13 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56640 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][23 pkts/3696 bytes <-> 22 pkts/8527 bytes][Goodput ratio: 46/78][0.57 sec][Hostname/SNI: gateway.reddit.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.395 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/30 307/307 76/75][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 161/388 603/1134 157/388][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: reddit.com,*.reddit.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com][Certificate SHA-1: DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,20,4,4,0,0,0,4,0,0,4,9,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46646 <-> [64:ff9b::345f:7ca5]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Advertisement/101][Breed: Safe][14 pkts/3201 bytes <-> 13 pkts/8450 bytes][Goodput ratio: 62/87][0.22 sec][Hostname/SNI: aax-eu.amazon-adsystem.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/17 60/42 22/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 229/650 762/1446 254/571][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com][JA3S: 49b45fc1ab090aa3a159778313fc9b9e][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=aax-eu.amazon-adsystem.com][Certificate SHA-1: 5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B][Chrome][Validity: 2020-06-15 00:00:00 - 2021-06-15 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,8,0,0,0,0,8,0,0,0,8,0,0,8,8,0,0,0,8,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0]
15 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:59624 <-> [2a00:1450:4007:80b::2001]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Acceptable][18 pkts/2649 bytes <-> 17 pkts/8456 bytes][Goodput ratio: 41/83][0.15 sec][Hostname/SNI: 8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.523 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/5 34/33 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 147/497 603/1294 137/490][Risk: ** Non-Printable/Invalid Chars Detected **** Possible Exploit Attempt **][Risk Score: 250][Risk Info: Invalid chars found in SNI: exploit or misconfiguration? / 8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 12,12,12,0,0,0,0,0,0,0,6,0,6,0,6,0,6,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0]
14 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46646 <-> [64:ff9b::345f:7ca5]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Advertisement/101][Breed: Tracker_Ads][14 pkts/3201 bytes <-> 13 pkts/8450 bytes][Goodput ratio: 62/87][0.22 sec][Hostname/SNI: aax-eu.amazon-adsystem.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/17 60/42 22/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 229/650 762/1446 254/571][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com][JA3S: 49b45fc1ab090aa3a159778313fc9b9e][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=aax-eu.amazon-adsystem.com][Certificate SHA-1: 5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B][Chrome][Validity: 2020-06-15 00:00:00 - 2021-06-15 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,8,0,0,0,0,8,0,0,0,8,0,0,8,8,0,0,0,8,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0]
15 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:59624 <-> [2a00:1450:4007:80b::2001]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][18 pkts/2649 bytes <-> 17 pkts/8456 bytes][Goodput ratio: 41/83][0.15 sec][Hostname/SNI: 8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.523 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/5 34/33 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 147/497 603/1294 137/490][Risk: ** Non-Printable/Invalid Chars Detected **** Possible Exploit Attempt **][Risk Score: 250][Risk Info: Invalid chars found in SNI: exploit or misconfiguration? / 8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 12,12,12,0,0,0,0,0,0,0,6,0,6,0,6,0,6,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0]
16 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46808 <-> [2a00:1450:4007:808::2001]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Acceptable][15 pkts/1843 bytes <-> 13 pkts/9101 bytes][Goodput ratio: 32/88][0.12 sec][Hostname/SNI: cdn.ampproject.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/5 32/32 11/10][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 123/700 603/1294 129/569][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0]
17 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46810 <-> [2a00:1450:4007:808::2001]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Acceptable][15 pkts/1843 bytes <-> 13 pkts/9100 bytes][Goodput ratio: 32/88][0.12 sec][Hostname/SNI: cdn.ampproject.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.663 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/6 31/34 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 123/700 603/1294 129/569][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0]
18 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46814 <-> [2a00:1450:4007:808::2001]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Acceptable][14 pkts/1769 bytes <-> 13 pkts/9102 bytes][Goodput ratio: 33/88][0.12 sec][Hostname/SNI: cdn.ampproject.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.675 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/5 43/36 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 126/700 603/1294 133/569][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0]
19 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46812 <-> [2a00:1450:4007:808::2001]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Acceptable][14 pkts/1769 bytes <-> 13 pkts/9101 bytes][Goodput ratio: 33/88][0.12 sec][Hostname/SNI: cdn.ampproject.org][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.675 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/5 43/36 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 126/700 603/1294 133/569][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0]
20 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39736 <-> [2606:2800:134:1a0d:1429:742:782:b6]:443 [proto: 91.120/TLS.Twitter][Stack: TLS.Twitter][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: SocialNetwork/6][Breed: Fun][18 pkts/3180 bytes <-> 18 pkts/7527 bytes][Goodput ratio: 51/79][0.25 sec][Hostname/SNI: cdn.syndication.twimg.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.406 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 51/41 19/14][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 177/418 609/1294 176/478][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 11,0,18,11,0,0,0,11,0,0,5,0,5,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,0]
21 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:48240 <-> [64:ff9b::9765:789d]:443 [proto: 91.120/TLS.Twitter][Stack: TLS.Twitter][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: SocialNetwork/6][Breed: Fun][13 pkts/2138 bytes <-> 14 pkts/8456 bytes][Goodput ratio: 47/86][0.13 sec][Hostname/SNI: platform.twitter.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.596 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/6 61/47 19/14][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 164/604 603/1134 146/486][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: platform.twitter.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA][Subject: C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=platform.twitter.com][Certificate SHA-1: 2B:30:10:3B:07:2F:F2:EB:3D:08:E3:BB:45:61:F7:A3:9F:4C:A7:92][Chrome][Validity: 2020-08-13 00:00:00 - 2021-08-18 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,7,14,7,0,0,0,0,14,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
22 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51100 <-> [64:ff9b::d83a:d1e6]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Acceptable][20 pkts/3169 bytes <-> 22 pkts/6495 bytes][Goodput ratio: 45/71][0.25 sec][Hostname/SNI: ad.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.344 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/6 50/31 19/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 158/295 603/1474 141/415][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 20,24,15,4,0,4,4,0,0,0,0,0,4,0,0,0,4,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0]
22 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51100 <-> [64:ff9b::d83a:d1e6]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][20 pkts/3169 bytes <-> 22 pkts/6495 bytes][Goodput ratio: 45/71][0.25 sec][Hostname/SNI: ad.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.344 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/6 50/31 19/9][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 158/295 603/1474 141/415][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 20,24,15,4,0,4,4,0,0,0,0,0,4,0,0,0,4,0,4,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0]
23 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47006 <-> [64:ff9b::34d3:acec]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Web/5][Breed: Safe][12 pkts/2260 bytes <-> 11 pkts/7351 bytes][Goodput ratio: 54/87][0.30 sec][Hostname/SNI: d9.flashtalking.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.530 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/31 67/134 23/42][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 188/668 663/1474 202/634][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: OU=Domain Control Validated, CN=tag.device9.com][Certificate SHA-1: 8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3][Chrome][Validity: 2020-08-06 10:30:28 - 2021-09-17 11:41:56][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,10,10,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,30,0,0,0,0]
24 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56186 <-> [2600:9000:219c:ee00:6:44e3:f8c0:93a1]:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Safe][14 pkts/2163 bytes <-> 13 pkts/7387 bytes][Goodput ratio: 44/85][0.16 sec][Hostname/SNI: rules.quantcount.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.547 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/13 39/40 13/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 154/568 603/1294 140/540][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 8,0,25,0,0,0,0,8,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0]
25 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:59336 <-> [2a00:1450:4007:80b::2002]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Acceptable][17 pkts/2490 bytes <-> 16 pkts/7006 bytes][Goodput ratio: 41/80][0.14 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 45/37 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 146/438 603/1294 132/466][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 13,13,13,0,0,0,6,0,6,0,0,0,0,6,0,0,6,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0]
25 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:59336 <-> [2a00:1450:4007:80b::2002]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][17 pkts/2490 bytes <-> 16 pkts/7006 bytes][Goodput ratio: 41/80][0.14 sec][Hostname/SNI: adservice.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/5 45/37 12/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 146/438 603/1294 132/466][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 13,13,13,0,0,0,6,0,6,0,0,0,0,6,0,0,6,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0]
26 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38166 <-> [2a00:1450:4007:811::200a]:443 [proto: 91.239/TLS.GoogleServices][Stack: TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Acceptable][18 pkts/2582 bytes <-> 17 pkts/6805 bytes][Goodput ratio: 40/78][0.19 sec][Hostname/SNI: fonts.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.450 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/9 43/43 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 143/400 603/1294 130/409][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 12,12,12,0,0,0,6,0,12,0,0,0,0,0,6,6,6,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0]
27 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39626 <-> [64:ff9b::2278:cf94]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][16 pkts/2444 bytes <-> 15 pkts/6941 bytes][Goodput ratio: 43/81][0.43 sec][Hostname/SNI: id.rlcdn.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.479 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/33 104/221 29/63][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 153/463 603/1474 135/553][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,14,14,7,0,0,0,0,7,0,0,0,0,0,0,0,7,0,7,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0]
28 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56578 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][15 pkts/2848 bytes <-> 13 pkts/6172 bytes][Goodput ratio: 54/82][0.14 sec][Hostname/SNI: styles.redditmedia.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.369 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 38/48 14/17][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 190/475 603/1134 167/462][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,14,14,7,0,0,0,0,7,0,0,7,7,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
29 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:44264 <-> [64:ff9b::1736:86f1]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Safe][14 pkts/3387 bytes <-> 13 pkts/5574 bytes][Goodput ratio: 64/80][0.41 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.244 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/18 125/117 43/36][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 242/429 620/1474 234/479][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,8,0,0,8,0,0,16,0,8,0,0,0,0,0,34,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0]
29 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:44264 <-> [64:ff9b::1736:86f1]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][14 pkts/3387 bytes <-> 13 pkts/5574 bytes][Goodput ratio: 64/80][0.41 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.244 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 35/18 125/117 43/36][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 242/429 620/1474 234/479][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,8,0,0,8,0,0,16,0,8,0,0,0,0,0,34,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0]
30 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51006 <-> [2a00:1450:4007:805::2002]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Acceptable][16 pkts/2404 bytes <-> 15 pkts/5962 bytes][Goodput ratio: 42/78][0.15 sec][Hostname/SNI: adservice.google.fr][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.425 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/7 52/37 15/11][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 150/397 603/1294 135/433][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,14,14,0,0,0,7,0,7,0,0,0,0,0,0,0,7,0,7,7,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0]
31 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38320 <-> [64:ff9b::6853:b3b6]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][13 pkts/2124 bytes <-> 13 pkts/6140 bytes][Goodput ratio: 47/82][0.19 sec][Hostname/SNI: c.aaxads.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.486 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/10 72/37 22/14][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 163/472 603/1474 147/558][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 8,0,25,0,0,0,0,8,25,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0]
32 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54726 <-> [2a00:1450:4007:808::2006]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Acceptable][16 pkts/2391 bytes <-> 15 pkts/5296 bytes][Goodput ratio: 42/75][0.22 sec][Hostname/SNI: static.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.378 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/9 66/45 24/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 149/353 603/1294 134/414][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,21,14,0,0,0,0,0,7,0,0,0,7,0,7,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0]
32 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54726 <-> [2a00:1450:4007:808::2006]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][16 pkts/2391 bytes <-> 15 pkts/5296 bytes][Goodput ratio: 42/75][0.22 sec][Hostname/SNI: static.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.378 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/9 66/45 24/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 149/353 603/1294 134/414][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 14,21,14,0,0,0,0,0,7,0,0,0,7,0,7,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0]
33 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56558 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: SocialNetwork/6][Breed: Fun][13 pkts/2246 bytes <-> 12 pkts/5023 bytes][Goodput ratio: 50/79][0.20 sec][Hostname/SNI: www.reddit.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.382 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/14 65/66 21/26][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 173/419 603/1134 159/438][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: reddit.com,*.reddit.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com][Certificate SHA-1: DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,9,18,9,0,0,0,0,9,0,0,9,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,27,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
34 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:32970 <-> [64:ff9b::6853:b3d1]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][11 pkts/2007 bytes <-> 10 pkts/4815 bytes][Goodput ratio: 52/82][0.14 sec][Hostname/SNI: www.aaxdetect.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.412 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/9 62/32 23/13][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 182/482 603/1474 186/513][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,11,0,0,0,0,11,22,0,11,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0]
35 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56582 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][12 pkts/2565 bytes <-> 6 pkts/4172 bytes][Goodput ratio: 59/87][0.08 sec][Hostname/SNI: preview.redd.it][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.239 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/10 41/41 15/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 214/695 603/1134 167/469][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: redd.it,*.redd.it][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it][Certificate SHA-1: 3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,10,10,10,0,0,0,10,0,0,10,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -84,22 +85,22 @@ JA Host Stats:
38 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56590 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: SocialNetwork/6][Breed: Fun][12 pkts/1614 bytes <-> 11 pkts/4917 bytes][Goodput ratio: 38/81][0.15 sec][Hostname/SNI: emoji.redditmedia.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.506 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/7 52/51 20/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 134/447 603/1134 144/448][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
39 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56584 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: SocialNetwork/6][Breed: Fun][12 pkts/1614 bytes <-> 11 pkts/4891 bytes][Goodput ratio: 38/80][0.14 sec][Hostname/SNI: preview.redd.it][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.504 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/6 43/43 17/14][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 134/445 603/1134 144/447][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: redd.it,*.redd.it][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it][Certificate SHA-1: 3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 12,0,12,0,0,0,0,0,12,0,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
40 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54862 <-> [2a00:1450:4007:806::200e]:443 [proto: 91.124/TLS.YouTube][Stack: TLS.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Media/1][Breed: Fun][10 pkts/1946 bytes <-> 6 pkts/4348 bytes][Goodput ratio: 55/88][0.10 sec][Hostname/SNI: www.youtube.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.382 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/11 57/53 20/21][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 195/725 603/1294 181/573][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,25,0,0,0,12,0,0,0,0,0,12,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,0,0,0,0,0,0]
41 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51026 <-> [64:ff9b::acd9:12c2]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Acceptable][10 pkts/1815 bytes <-> 10 pkts/4357 bytes][Goodput ratio: 52/80][0.12 sec][Hostname/SNI: securepubads.g.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.412 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/6 49/32 19/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 182/436 603/1474 162/546][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,0,22,11,0,0,0,0,11,0,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0]
41 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51026 <-> [64:ff9b::acd9:12c2]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][10 pkts/1815 bytes <-> 10 pkts/4357 bytes][Goodput ratio: 52/80][0.12 sec][Hostname/SNI: securepubads.g.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.412 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/6 49/32 19/10][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 182/436 603/1474 162/546][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 11,0,22,11,0,0,0,0,11,0,0,0,0,0,0,0,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0]
42 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56564 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][10 pkts/1866 bytes <-> 6 pkts/4188 bytes][Goodput ratio: 53/87][0.07 sec][Hostname/SNI: www.redditstatic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/10 40/38 15/16][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 187/698 603/1134 164/469][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,12,12,0,0,0,0,0,12,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
43 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:52296 <-> [2a00:1450:4007:815::2016]:443 [proto: 91.124/TLS.YouTube][Stack: TLS.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Media/1][Breed: Fun][9 pkts/1758 bytes <-> 7 pkts/4285 bytes][Goodput ratio: 55/86][0.17 sec][Hostname/SNI: i.ytimg.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.418 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/13 67/67 28/27][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 195/612 603/1294 171/504][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,25,0,0,0,0,0,0,12,0,0,0,0,0,0,12,0,12,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0]
44 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56560 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][9 pkts/1392 bytes <-> 8 pkts/4613 bytes][Goodput ratio: 44/85][0.17 sec][Hostname/SNI: www.reddit.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.536 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 24/17 70/61 29/24][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 155/577 603/1134 161/461][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: reddit.com,*.reddit.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com][Certificate SHA-1: DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
45 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40030 <-> [2a00:1450:4007:80a::200a]:443 [proto: 91.239/TLS.GoogleServices][Stack: TLS.GoogleServices][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Acceptable][10 pkts/1425 bytes <-> 9 pkts/4279 bytes][Goodput ratio: 41/82][0.14 sec][Hostname/SNI: safebrowsing.googleapis.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.500 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/12 66/66 22/24][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 142/475 603/1294 155/488][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0]
46 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56568 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][10 pkts/1313 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 39/84][0.11 sec][Hostname/SNI: www.redditstatic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.537 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/15 37/46 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 131/545 603/1134 157/485][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
47 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56572 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: SocialNetwork/6][Breed: Fun][10 pkts/1313 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 39/84][0.12 sec][Hostname/SNI: www.redditstatic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.537 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/16 36/56 14/21][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 131/545 603/1134 157/485][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
48 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51102 <-> [64:ff9b::d83a:d1e6]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Acceptable][10 pkts/1425 bytes <-> 9 pkts/4239 bytes][Goodput ratio: 41/82][0.12 sec][Hostname/SNI: ad.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.497 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/6 40/37 18/14][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 142/471 603/1474 155/564][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0]
48 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51102 <-> [64:ff9b::d83a:d1e6]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][10 pkts/1425 bytes <-> 9 pkts/4239 bytes][Goodput ratio: 41/82][0.12 sec][Hostname/SNI: ad.doubleclick.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.497 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/6 40/37 18/14][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 142/471 603/1474 155/564][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0]
49 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56580 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][9 pkts/1251 bytes <-> 8 pkts/4370 bytes][Goodput ratio: 41/84][0.14 sec][Hostname/SNI: styles.redditmedia.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.555 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 49/49 21/22][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 139/546 603/1134 164/485][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: *.redditmedia.com,redditmedia.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com][Certificate SHA-1: 96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85][Chrome][Validity: 2020-07-27 00:00:00 - 2021-01-23 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
50 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56566 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][9 pkts/1239 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 42/84][0.11 sec][Hostname/SNI: www.redditstatic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.557 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/15 37/46 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 138/545 603/1134 165/485][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
51 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56570 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: SocialNetwork/6][Breed: Fun][9 pkts/1239 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 42/84][0.11 sec][Hostname/SNI: www.redditstatic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.557 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/15 37/46 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 138/545 603/1134 165/485][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
52 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36966 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Acceptable][11 pkts/1499 bytes <-> 9 pkts/4018 bytes][Goodput ratio: 39/81][0.13 sec][Hostname/SNI: tpc.googlesyndication.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.457 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/8 46/40 15/14][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 136/446 603/1294 149/488][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0]
53 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36970 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Acceptable][11 pkts/1499 bytes <-> 9 pkts/4017 bytes][Goodput ratio: 39/81][0.14 sec][Hostname/SNI: tpc.googlesyndication.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.456 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/9 45/40 16/14][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 136/446 603/1294 149/488][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0]
52 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36966 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][11 pkts/1499 bytes <-> 9 pkts/4018 bytes][Goodput ratio: 39/81][0.13 sec][Hostname/SNI: tpc.googlesyndication.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.457 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/8 46/40 15/14][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 136/446 603/1294 149/488][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0]
53 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36970 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][11 pkts/1499 bytes <-> 9 pkts/4017 bytes][Goodput ratio: 39/81][0.14 sec][Hostname/SNI: tpc.googlesyndication.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.456 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/9 45/40 16/14][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 136/446 603/1294 149/488][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0]
54 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47304 <-> [2a00:1450:4007:80c::2003]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Acceptable][10 pkts/1425 bytes <-> 9 pkts/4047 bytes][Goodput ratio: 41/81][0.16 sec][Hostname/SNI: fonts.gstatic.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.479 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/12 73/73 25/27][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 142/450 603/1294 155/487][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0]
55 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56562 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: SocialNetwork/6][Breed: Fun][7 pkts/1091 bytes <-> 8 pkts/4360 bytes][Goodput ratio: 47/84][0.11 sec][Hostname/SNI: www.redditstatic.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.600 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/9 43/40 18/16][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/545 603/1134 183/485][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: www.redditstatic.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com][Certificate SHA-1: 24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
56 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36968 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Acceptable][10 pkts/1425 bytes <-> 9 pkts/4016 bytes][Goodput ratio: 41/81][0.14 sec][Hostname/SNI: tpc.googlesyndication.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/8 47/40 18/15][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 142/446 603/1294 155/488][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0]
56 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36968 <-> [2a00:1450:4007:80f::2001]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][10 pkts/1425 bytes <-> 9 pkts/4016 bytes][Goodput ratio: 41/81][0.14 sec][Hostname/SNI: tpc.googlesyndication.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.476 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/8 47/40 18/15][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 142/446 603/1294 155/488][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,16,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0,0,0,0,0,0,0,0,0]
57 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56586 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: SocialNetwork/6][Breed: Fun][7 pkts/1091 bytes <-> 8 pkts/4344 bytes][Goodput ratio: 47/84][0.14 sec][Hostname/SNI: preview.redd.it][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.599 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/9 54/43 23/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/543 603/1134 183/485][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: redd.it,*.redd.it][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it][Certificate SHA-1: 3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
58 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56588 <-> [64:ff9b::9765:798c]:443 [proto: 91.205/TLS.Reddit][Stack: TLS.Reddit][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: SocialNetwork/6][Breed: Fun][7 pkts/1091 bytes <-> 8 pkts/4344 bytes][Goodput ratio: 47/84][0.14 sec][Hostname/SNI: preview.redd.it][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.599 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/9 53/42 22/17][Pkt Len c2s/s2c min/avg/max/stddev: 74/86 156/543 603/1134 183/485][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.2][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][ServerNames: redd.it,*.redd.it][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it][Certificate SHA-1: 3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12][Chrome][Validity: 2020-08-26 00:00:00 - 2021-02-22 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
59 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47302 <-> [2a00:1450:4007:80c::2003]:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Acceptable][10 pkts/1923 bytes <-> 5 pkts/3123 bytes][Goodput ratio: 55/86][0.13 sec][Hostname/SNI: fonts.gstatic.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.238 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/18 73/65 26/27][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 192/625 603/1294 163/555][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,37,0,0,0,0,0,12,12,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0]

2
tests/cfgs/default/result/shadowsocks.pcap.out
View file

@ -24,8 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found)
Unknown 15 68444 1
SOCKS 29 69355 1
Acceptable 29 69355 1
Unrated 15 68444 1
Acceptable 29 69355 1
Unspecified 15 68444 1
Web 29 69355 1

2
tests/cfgs/default/result/sip.pcap.out
View file

@ -25,8 +25,8 @@ Unknown 1 146 1
RTP 9 1926 1
SIP 102 47087 2
Acceptable 111 49013 3
Unrated 1 146 1
Acceptable 111 49013 3
Unspecified 1 146 1
Media 9 1926 1

12
tests/cfgs/default/result/sites.pcapng.out
View file

@ -76,9 +76,9 @@ RUTUBE 99 104198 1
Ubiquity 18 8375 1
Kick 8 4923 2
Safe 106 44086 7
Acceptable 248 138841 30
Fun 482 310458 34
Safe 119 52267 9
Acceptable 239 132885 29
Fun 478 308233 33
Potentially_Dangerous 4 2225 1
Media 99 104198 1
@ -138,7 +138,7 @@ JA Host Stats:
17 TCP 192.168.1.128:33102 <-> 13.81.118.91:443 [proto: 91.221/TLS.MS_OneDrive][Stack: TLS.MS_OneDrive][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 7][cat: Cloud/13][Breed: Acceptable][3 pkts/857 bytes <-> 6 pkts/6226 bytes][Goodput ratio: 79/95][0.11 sec][Hostname/SNI: onedrive.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.758 (Download)][IAT c2s/s2c min/avg/max/stddev: 37/0 40/16 42/41 2/19][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/1038 571/1514 209/673][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms][JA3S: 67bfe5d15ae567fb35fd7837f0116eec][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01][Subject: CN=onedrive.com][Certificate SHA-1: 50:2F:33:10:92:AC:27:7B:17:BE:82:68:3B:E2:29:AD:97:41:B7:BB][Firefox][Validity: 2021-08-13 07:38:24 - 2022-08-13 07:38:24][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0]
18 TCP 192.168.1.128:42580 <-> 2.17.141.128:443 [proto: 91.258/TLS.Activision][Stack: TLS.Activision][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Game/8][Breed: Fun][3 pkts/849 bytes <-> 6 pkts/5606 bytes][Goodput ratio: 76/93][0.06 sec][Hostname/SNI: www.activision.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.737 (Download)][IAT c2s/s2c min/avg/max/stddev: 20/0 24/9 27/24 4/10][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/934 583/1514 218/562][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: www.benefitsforeveryworld.com,worldseriesofwarzone.com,treyarch.com,toysforbob.com,spyrothedragon.com,sledgehammergames.com,skylanders.com,sierragames.com,sekirothegame.com,ravensoftware.com,preview.demonware.net,infinityward.com,highmoonstudios.com,highmoon.com,guitarhero.com,europeanwarzoneseries.com,demonware.net,crashbandicoot.com,cdn.gh5.ps3.guitarhero.com,callofdutyleague.com,callofdutyendowment.org,callofdutyendowment.com,callofduty.com,benefitsforeveryworld.com,activisionretail.com,activisionblizzardmedia.com,activisionblizzard.com,activision.com,*.worldseriesofwarzone.com,*.treyarch.com,*.toysforbob.com,*.support.activision.com,*.spyrothedragon.com,*.sledgehammergames.com,*.skylanders.com,*.sierragames.com,*.sekirothegame.com,*.ravensoftware.com,*.infinityward.com,*.highmoonstudios.com,*.highmoon.com,*.guitarhero.com,*.europeanwarzoneseries.com,*.demonware.net,*.crashbandicoot.com,*.callofdutyleague.com,*.callofdutyendowment.org,*.callofdutyendowment.com,*.callofduty.com,*.activisionretail.com,*.activisionblizzardmedia.com,*.activisionblizzard.com,*.activision.com][JA3S: 35af4c8cd9495354f7d701ce8ad7fd2d][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=Santa Monica, O=Activision Publishing, Inc., CN=activision.com][Certificate SHA-1: F7:39:B4:E7:27:83:D4:55:8B:13:77:16:D5:8A:3E:77:FB:2A:4F:41][Firefox][Validity: 2021-12-07 00:00:00 - 2022-12-07 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,14,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,28,0,0]
19 TCP 192.168.1.128:48654 <-> 13.107.42.14:443 [proto: 91.233/TLS.LinkedIn][Stack: TLS.LinkedIn][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 7][cat: SocialNetwork/6][Breed: Fun][3 pkts/857 bytes <-> 6 pkts/5137 bytes][Goodput ratio: 79/93][0.09 sec][Hostname/SNI: www.linkedin.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.714 (Download)][IAT c2s/s2c min/avg/max/stddev: 27/0 30/12 34/35 4/15][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/856 571/1514 209/665][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: www.linkedin.com,linkedin.com,rum5.perf.linkedin.com,exp4.www.linkedin.com,exp3.www.linkedin.com,exp2.www.linkedin.com,exp1.www.linkedin.com,rum2.perf.linkedin.com,rum4.perf.linkedin.com,rum6.perf.linkedin.com,rum17.perf.linkedin.com,rum8.perf.linkedin.com,rum9.perf.linkedin.com,afd.perf.linkedin.com,rum14.perf.linkedin.com,rum18.perf.linkedin.com,rum19.perf.linkedin.com,exp5.www.linkedin.com,realtime.www.linkedin.com,px.ads.linkedin.com,px4.ads.linkedin.com,dc.ads.linkedin.com,lnkd.in,px.jobs.linkedin.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA][Subject: C=US, ST=California, L=Sunnyvale, O=LinkedIn Corporation, CN=www.linkedin.com][Certificate SHA-1: CE:D8:A5:BE:BD:4B:EF:E9:22:C8:0D:55:A6:7A:A6:4A:B8:03:4A:53][Firefox][Validity: 2022-03-01 00:00:00 - 2022-09-01 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,14,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0]
20 TCP 192.168.1.128:43412 <-> 151.101.193.73:443 [proto: 91.246/TLS.Bloomberg][Stack: TLS.Bloomberg][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Cloud/13][Breed: Acceptable][3 pkts/816 bytes <-> 6 pkts/5140 bytes][Goodput ratio: 75/92][0.04 sec][Hostname/SNI: www.bloomberg.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.726 (Download)][IAT c2s/s2c min/avg/max/stddev: 10/0 15/6 20/20 5/8][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/857 583/1406 223/565][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: www.bloomberg.com,api.businessweek.com,api.bwbx.io,assets.bwbx.io,byzantium.bloomberg.com,cdn-mobapi.bloomberg.com,cdn-videos.bloomberg.com,cdn.gotraffic.net,charts.bloomberg.com,embeds.bloomberg.com,fastly.bloomberg.tv,feeds.bloomberg.com,fonts.gotraffic.net,staging-assets.bwbx.io,nav.bloomberg.com,sponsored.bloomberg.com,spotlight.bloomberg.com,tictoc.video,www.bbthat.com,www.bloomberg.co.jp,www.bloomberg.co.jp.shared.bloomberga.com,www.bloomberg.com.shared.bloomberga.com,www.bloombergview.com,www.citylab.com,www.citylab.com.shared.bloomberga.com,www.quicktake.video,www.tictoc.video,cdn-api.cmobile.bloomberg.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=New York, L=New York, O=Bloomberg LP, CN=www.bloomberg.com][Certificate SHA-1: 88:4A:85:34:1D:E6:C0:BE:5E:C6:14:BB:BA:94:A3:55:92:BA:95:82][Firefox][Validity: 2022-02-22 00:00:00 - 2023-03-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0]
20 TCP 192.168.1.128:43412 <-> 151.101.193.73:443 [proto: 91.246/TLS.Bloomberg][Stack: TLS.Bloomberg][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Cloud/13][Breed: Safe][3 pkts/816 bytes <-> 6 pkts/5140 bytes][Goodput ratio: 75/92][0.04 sec][Hostname/SNI: www.bloomberg.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.726 (Download)][IAT c2s/s2c min/avg/max/stddev: 10/0 15/6 20/20 5/8][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 272/857 583/1406 223/565][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: www.bloomberg.com,api.businessweek.com,api.bwbx.io,assets.bwbx.io,byzantium.bloomberg.com,cdn-mobapi.bloomberg.com,cdn-videos.bloomberg.com,cdn.gotraffic.net,charts.bloomberg.com,embeds.bloomberg.com,fastly.bloomberg.tv,feeds.bloomberg.com,fonts.gotraffic.net,staging-assets.bwbx.io,nav.bloomberg.com,sponsored.bloomberg.com,spotlight.bloomberg.com,tictoc.video,www.bbthat.com,www.bloomberg.co.jp,www.bloomberg.co.jp.shared.bloomberga.com,www.bloomberg.com.shared.bloomberga.com,www.bloombergview.com,www.citylab.com,www.citylab.com.shared.bloomberga.com,www.quicktake.video,www.tictoc.video,cdn-api.cmobile.bloomberg.com][JA3S: 16c0b3e6a7b8173c16d944cfeaeee9cf][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=New York, L=New York, O=Bloomberg LP, CN=www.bloomberg.com][Certificate SHA-1: 88:4A:85:34:1D:E6:C0:BE:5E:C6:14:BB:BA:94:A3:55:92:BA:95:82][Firefox][Validity: 2022-02-22 00:00:00 - 2023-03-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0,0,0,0,0]
21 TCP 192.168.1.128:39828 <-> 40.97.160.2:443 [proto: 91.21/TLS.Outlook][Stack: TLS.Outlook][IP: 21/Outlook][Encrypted][Confidence: DPI][FPC: 21/Outlook, Confidence: IP address][DPI packets: 7][cat: Email/3][Breed: Acceptable][3 pkts/857 bytes <-> 6 pkts/5097 bytes][Goodput ratio: 79/93][0.55 sec][Hostname/SNI: outlook.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.712 (Download)][IAT c2s/s2c min/avg/max/stddev: 178/0 184/74 190/189 6/90][Pkt Len c2s/s2c min/avg/max/stddev: 74/66 286/850 571/1514 209/672][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.2][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][ServerNames: *.internal.outlook.com,*.outlook.com,outlook.com,office365.com,*.office365.com,*.outlook.office365.com,*.office.com,outlook.office.com,substrate.office.com,attachment.outlook.live.net,attachment.outlook.office.net,attachment.outlook.officeppe.net,attachments.office.net,*.clo.footprintdns.com,*.nrb.footprintdns.com,ccs.login.microsoftonline.com,ccs-sdf.login.microsoftonline.com,substrate-sdf.office.com,attachments-sdf.office.net,*.live.com,mail.services.live.com,hotmail.com,*.hotmail.com][JA3S: 71d9ce75f347e6cf54268d7114ae6925][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com][Certificate SHA-1: 4E:39:B4:13:4B:8C:77:57:7D:80:3D:76:40:E8:88:22:05:00:1C:58][Firefox][Validity: 2021-12-22 00:00:00 - 2022-12-22 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,0,14,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,42,0,0]
22 TCP 192.168.1.245:46174 <-> 5.61.23.30:443 [proto: 91/TLS][Stack: TLS][IP: 22/VK][Encrypted][Confidence: DPI][FPC: 22/VK, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Safe][10 pkts/2084 bytes <-> 10 pkts/3525 bytes][Goodput ratio: 68/82][0.23 sec][Hostname/SNI: 732231.ms.ok.ru][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.257 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/24 46/47 22/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/60 208/352 905/2236 268/643][nDPI Fingerprint: 10a15e66877bc8846ec3248d43598357][TCP Fingerprint: 2_64_64240_0c11e5ddde9b/Unknown][TLSv1.2][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][ServerNames: *.ok.ru,odnoklassniki.ru,ok.me,okl.lt,oklive.app,tamtam.chat,tt.me,*.odnoklassniki.ru,*.ok.me,*.okl.lt,*.oklive.app,*.tamtam.chat,*.tt.me,*.ms.ok.ru,ms.ok.ru,ok.ru][JA3S: 4ef1b297bb817d8212165a86308bac5f][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=RU, ST=Moscow, L=Moscow, O=VK LLC, CN=*.ok.ru][ECH: version 0xfe0d][Certificate SHA-1: 66:20:81:B9:D0:20:96:BF:13:93:E6:76:FF:C4:19:BD:F6:29:0E:A3][Firefox][Validity: 2023-10-04 08:36:03 - 2024-10-02 09:21:02][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 25,0,12,0,0,0,0,12,0,0,0,0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
23 TCP 192.168.1.245:55362 <-> 44.218.3.81:443 [proto: 91.411/TLS.Bluesky][Stack: TLS.Bluesky][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: SocialNetwork/6][Breed: Fun][4 pkts/931 bytes <-> 3 pkts/4550 bytes][Goodput ratio: 71/95][0.19 sec][Hostname/SNI: bsky.social][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.660 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 64/48 96/97 45/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 233/1517 725/4410 284/2046][nDPI Fingerprint: 6fd4981632b662065dfd7e0896907b0e][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_5c2c66f702b0][JA3S: f4febc55ea12b31ae17cfb7e614afda8][ECH: version 0xfe0d][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
@ -172,8 +172,8 @@ JA Host Stats:
51 TCP 192.168.1.128:39934 <-> 104.23.98.190:443 [proto: 91.232/TLS.Pastebin][Stack: TLS.Pastebin][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 4][cat: Download/7][Breed: Potentially_Dangerous][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: pastebin.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][Risk: ** Unsafe Protocol **][Risk Score: 10][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
52 TCP 192.168.1.128:43150 <-> 108.138.199.67:443 [proto: 91.210/TLS.Deezer][Stack: TLS.Deezer][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Music/25][Breed: Fun][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: deezer.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
53 TCP 192.168.1.128:51806 <-> 18.66.196.102:443 [proto: 91.234/TLS.SoundCloud][Stack: TLS.SoundCloud][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Music/25][Breed: Fun][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: soundcloud.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
54 TCP 192.168.1.128:53998 <-> 172.65.251.78:443 [proto: 91.262/TLS.GitLab][Stack: TLS.GitLab][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Fun][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.05 sec][Hostname/SNI: www.gitlab.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
55 TCP 192.168.1.128:57014 <-> 108.139.210.102:443 [proto: 91.246/TLS.Bloomberg][Stack: TLS.Bloomberg][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Cloud/13][Breed: Acceptable][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: sourcepointcmp.bloomberg.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
54 TCP 192.168.1.128:53998 <-> 172.65.251.78:443 [proto: 91.262/TLS.GitLab][Stack: TLS.GitLab][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 4][cat: Collaborative/15][Breed: Acceptable][2 pkts/645 bytes <-> 2 pkts/1580 bytes][Goodput ratio: 80/92][0.05 sec][Hostname/SNI: www.gitlab.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
55 TCP 192.168.1.128:57014 <-> 108.139.210.102:443 [proto: 91.246/TLS.Bloomberg][Stack: TLS.Bloomberg][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 4][cat: Cloud/13][Breed: Safe][2 pkts/657 bytes <-> 2 pkts/1568 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: sourcepointcmp.bloomberg.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
56 TCP 192.168.1.128:38858 <-> 142.250.180.142:443 [proto: 91.123/TLS.GoogleMaps][Stack: TLS.GoogleMaps][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 4][cat: Web/5][Breed: Safe][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.03 sec][Hostname/SNI: maps.google.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
57 TCP 192.168.1.128:47122 <-> 35.201.112.136:443 [proto: 91.134/TLS.LastFM][Stack: TLS.LastFM][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 284/GoogleCloud, Confidence: IP address][DPI packets: 4][cat: Music/25][Breed: Fun][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.02 sec][Hostname/SNI: kerve.last.fm][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]
58 TCP 192.168.1.128:50608 <-> 142.250.185.206:443 [proto: 91/TLS][Stack: TLS][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 4][cat: Web/5][Breed: Safe][2 pkts/657 bytes <-> 2 pkts/1558 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: googleplus.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][nDPI Fingerprint: e9a13ad88d67c04088da7a9aa58f2d2c][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][TLSv1.3][JA4: t13d1715h2_5b57614c22b0_3d5424432f57][JA3S: eb1d94daa7e0344597e756a1fb6e7054][Firefox][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0]

5
tests/cfgs/default/result/smtp-starttls.pcap.out
View file

@ -23,8 +23,7 @@ Patricia protocols IPv6: 2/0 (search/found)
SMTPS 33 6429 1
Google 36 8403 1
Safe 33 6429 1
Acceptable 36 8403 1
Acceptable 69 14832 2
Email 69 14832 2
@ -35,4 +34,4 @@ JA Host Stats:
1 TCP 10.0.0.1:57406 <-> 173.194.68.26:25 [proto: 29.126/SMTPS.Google][Stack: SMTP.SMTPS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 15][cat: Email/3][Breed: Acceptable][17 pkts/2514 bytes <-> 19 pkts/5889 bytes][Goodput ratio: 55/79][0.48 sec][Hostname/SNI: mx.google.com][bytes ratio: -0.402 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 30/24 156/103 42/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 148/310 752/1484 168/444][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_RC4_128_SHA / TLSv1][nDPI Fingerprint: de9abf9d14e2e6e6efd5396d0bde2d80][TCP Fingerprint: 2_64_14600_2e3cee914fc1/Unknown][TLSv1][JA4: t10d290100_cdba58456bdf_e78b541c01a9][ServerNames: aspmx.l.google.com,alt1.aspmx.l.google.com,alt2.aspmx.l.google.com,alt3.aspmx.l.google.com,alt4.aspmx.l.google.com,gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,gmr-smtp-in.l.google.com,alt1.gmr-smtp-in.l.google.com,alt2.gmr-smtp-in.l.google.com,alt3.gmr-smtp-in.l.google.com,alt4.gmr-smtp-in.l.google.com,mx.google.com,aspmx2.googlemail.com,aspmx3.googlemail.com,aspmx4.googlemail.com,aspmx5.googlemail.com][JA3S: 6b96cf9c27b0223177b0e9f135fe4899][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=mx.google.com][Certificate SHA-1: 45:15:6A:E7:49:63:40:94:F9:AB:09:1E:F5:A7:33:6D:F3:7B:28:FC][Validity: 2013-09-09 11:32:35 - 2014-09-09 11:32:35][Cipher: TLS_RSA_WITH_RC4_128_SHA][PLAIN TEXT (x.google.com ESMTP s4)][Plen Bins: 23,18,13,9,4,4,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0]
2 TCP [2003:de:2016:125:fc36:8317:4e86:cb72]:7562 <-> [2003:de:2016:120::a08:53]:25 [VLAN: 125][proto: 29/SMTPS][Stack: SMTP.SMTPS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: Email/3][Breed: Safe][16 pkts/2994 bytes <-> 17 pkts/3435 bytes][Goodput ratio: 58/61][0.30 sec][Hostname/SNI: dovecot.weberlab.de][bytes ratio: -0.069 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/23 202/202 55/54][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 187/202 1112/1218 244/263][Risk: ** Self-signed Cert **** TLS (probably) Not Carrying HTTPS **** TLS Susp Extn **][Risk Score: 210][Risk Info: Extn id 65283 / No ALPN / CN=jw-vm08-int-dns][nDPI Fingerprint: 8dccdb5a59f74a0533dcc1ae401d0da5][TCP Fingerprint: 2_64_8192_b5576ecca2fb/Unknown][TLSv1.2][JA4: t12d150900_073e58a039a6_b44afb9f0e6a][JA3S: ccc514751b175866924439bdbb5bba34][Issuer: CN=jw-vm08-int-dns][Subject: CN=jw-vm08-int-dns][Certificate SHA-1: AD:1B:57:6C:AC:BE:46:54:65:F6:1D:6D:85:2A:38:16:07:7D:31:17][Firefox][Validity: 2016-08-16 09:33:19 - 2026-08-14 09:33:19][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (dns.webernetz.net ESMTP Postfix)][Plen Bins: 17,35,17,4,4,8,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP [2003:de:2016:125:fc36:8317:4e86:cb72]:7562 <-> [2003:de:2016:120::a08:53]:25 [VLAN: 125][proto: 29/SMTPS][Stack: SMTP.SMTPS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: Email/3][Breed: Acceptable][16 pkts/2994 bytes <-> 17 pkts/3435 bytes][Goodput ratio: 58/61][0.30 sec][Hostname/SNI: dovecot.weberlab.de][bytes ratio: -0.069 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/23 202/202 55/54][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 187/202 1112/1218 244/263][Risk: ** Self-signed Cert **** TLS (probably) Not Carrying HTTPS **** TLS Susp Extn **][Risk Score: 210][Risk Info: Extn id 65283 / No ALPN / CN=jw-vm08-int-dns][nDPI Fingerprint: 8dccdb5a59f74a0533dcc1ae401d0da5][TCP Fingerprint: 2_64_8192_b5576ecca2fb/Unknown][TLSv1.2][JA4: t12d150900_073e58a039a6_b44afb9f0e6a][JA3S: ccc514751b175866924439bdbb5bba34][Issuer: CN=jw-vm08-int-dns][Subject: CN=jw-vm08-int-dns][Certificate SHA-1: AD:1B:57:6C:AC:BE:46:54:65:F6:1D:6D:85:2A:38:16:07:7D:31:17][Firefox][Validity: 2016-08-16 09:33:19 - 2026-08-14 09:33:19][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][PLAIN TEXT (dns.webernetz.net ESMTP Postfix)][Plen Bins: 17,35,17,4,4,8,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0]

5
tests/cfgs/default/result/starcraft_battle.pcap.out
View file

@ -37,8 +37,9 @@ QUIC 6 475 1
Blizzard 685 346308 24
Safe 46 3071 14
Acceptable 57 9913 13
Acceptable 48 8614 12
Fun 694 347188 25
Tracker_Ads 9 1299 1
Web 55 3733 17
Download 179 134204 1
@ -59,7 +60,7 @@ Advertisement 9 1299 1
10 TCP 192.168.1.100:3526 <-> 80.239.186.40:80 [proto: 7.213/HTTP.Blizzard][Stack: HTTP.Blizzard][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][Breed: Fun][6 pkts/547 bytes <-> 5 pkts/3139 bytes][Goodput ratio: 39/91][0.19 sec][Hostname/SNI: eu.battle.net][bytes ratio: -0.703 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 33/26 70/61 29/26][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 91/628 265/1514 78/696][URL: eu.battle.net/sc2/en-gb/data/client-homepage.xml][StatusCode: 200][Content-Type: application/xml][Server: Apache][User-Agent: Battle.net Web Client][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (GET /sc)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,33,0,0]
11 TCP 192.168.1.100:3516 <-> 80.239.186.21:80 [proto: 7.213/HTTP.Blizzard][Stack: HTTP.Blizzard][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][Breed: Fun][6 pkts/549 bytes <-> 6 pkts/3131 bytes][Goodput ratio: 39/89][0.17 sec][Hostname/SNI: eu.launcher.battle.net][bytes ratio: -0.702 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/18 56/55 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 92/522 267/1514 79/654][URL: eu.launcher.battle.net/service/s2/regionsxml/regions.xml][StatusCode: 200][Content-Type: application/xml][Server: Apache][User-Agent: Battle.net Web Client][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (GET /service/s2/regions)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,33,0,0]
12 TCP 192.168.1.100:3522 <-> 80.239.186.21:80 [proto: 7.213/HTTP.Blizzard][Stack: HTTP.Blizzard][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Game/8][Breed: Fun][6 pkts/549 bytes <-> 5 pkts/3071 bytes][Goodput ratio: 39/91][0.17 sec][Hostname/SNI: eu.launcher.battle.net][bytes ratio: -0.697 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/19 58/58 29/27][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 92/614 267/1514 79/680][URL: eu.launcher.battle.net/service/s2/regionsxml/regions.xml][StatusCode: 200][Content-Type: application/xml][Server: Apache][User-Agent: Battle.net Web Client][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (GET /service/s2/regions)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,33,0,0]
13 TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Acceptable][5 pkts/632 bytes <-> 4 pkts/667 bytes][Goodput ratio: 55/64][0.12 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.027 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/17 29/25 50/33 18/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 126/167 404/481 139/181][URL: www.google-analytics.com/collect][StatusCode: 200][Req Content-Type: text/plain][Content-Type: image/gif][Server: Golfe2][User-Agent: Battle.net/1.3.0.5952][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (POST /collect HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][5 pkts/632 bytes <-> 4 pkts/667 bytes][Goodput ratio: 55/64][0.12 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.027 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/17 29/25 50/33 18/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 126/167 404/481 139/181][URL: www.google-analytics.com/collect][StatusCode: 200][Req Content-Type: text/plain][Content-Type: image/gif][Server: Golfe2][User-Agent: Battle.net/1.3.0.5952][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (POST /collect HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 TCP 192.168.1.100:3518 <-> 80.239.186.26:80 [proto: 7.213/HTTP.Blizzard][Stack: HTTP.Blizzard][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 213/Blizzard, Confidence: DNS][DPI packets: 6][cat: Game/8][Breed: Fun][6 pkts/473 bytes <-> 4 pkts/753 bytes][Goodput ratio: 29/69][0.30 sec][Hostname/SNI: nydus.battle.net][bytes ratio: -0.228 (Download)][IAT c2s/s2c min/avg/max/stddev: 10/0 60/33 100/66 30/33][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79/188 191/573 50/222][URL: nydus.battle.net/S2/enGB/client/alert?build=enGB&targetRegion=EU][StatusCode: 302][Content-Type: text/html][Server: Apache][User-Agent: Battle.net Web Client][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (GET /S2/enGB/client/alert)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
15 TCP 192.168.1.100:3515 <-> 80.239.186.26:80 [proto: 7.213/HTTP.Blizzard][Stack: HTTP.Blizzard][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 213/Blizzard, Confidence: DNS][DPI packets: 6][cat: Game/8][Breed: Fun][6 pkts/475 bytes <-> 4 pkts/749 bytes][Goodput ratio: 29/69][0.30 sec][Hostname/SNI: nydus.battle.net][bytes ratio: -0.224 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 60/34 96/68 29/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79/187 193/569 51/220][URL: nydus.battle.net/S2/enGB/client/regions?build=enGB&targetRegion=EU][StatusCode: 302][Content-Type: text/html][Server: Apache][User-Agent: Battle.net Web Client][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (GET /S2/enGB/client/regions)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
16 TCP 192.168.1.100:3521 <-> 80.239.186.26:80 [proto: 7.213/HTTP.Blizzard][Stack: HTTP.Blizzard][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 213/Blizzard, Confidence: DNS][DPI packets: 6][cat: Game/8][Breed: Fun][6 pkts/475 bytes <-> 4 pkts/749 bytes][Goodput ratio: 29/69][0.30 sec][Hostname/SNI: nydus.battle.net][bytes ratio: -0.224 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 60/30 102/59 34/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 79/187 193/569 51/220][URL: nydus.battle.net/S2/enGB/client/regions?build=enGB&targetRegion=EU][StatusCode: 302][Content-Type: text/html][Server: Apache][User-Agent: Battle.net Web Client][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (GET /S2/enGB/client/regions)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

5
tests/cfgs/default/result/stun.pcap.out
View file

@ -29,8 +29,7 @@ ICMP 1 122 1
FacebookVoip 75 10554 1
GoogleCall 41 7228 2
Safe 4 766 1
Acceptable 197 28062 8
Acceptable 201 28828 9
VoIP 131 19906 4
Network 70 8922 5
@ -47,6 +46,6 @@ JA Host Stats:
4 TCP 87.47.100.17:3478 <-> 54.1.57.155:37257 [proto: 78/STUN][Stack: STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Network/14][Breed: Acceptable][9 pkts/1494 bytes <-> 11 pkts/2178 bytes][Goodput ratio: 60/67][0.95 sec][Hostname/SNI: apps-host.com][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/96 267/252 102/93][Pkt Len c2s/s2c min/avg/max/stddev: 74/94 166/198 234/354 41/65][Mapped IP/Port: 5.37.217.126:37257][Relayed IP/Port: 66.55.92.16:40576][PLAIN TEXT (Unauthorized)][Plen Bins: 10,0,15,21,42,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 10.77.110.51:41588 <-> 10.206.50.239:42000 [VLAN: 1611][proto: 78.38/STUN.TeamsCall][Stack: STUN.TeamsCall][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: VoIP/10][Breed: Acceptable][7 pkts/1006 bytes <-> 8 pkts/1118 bytes][Goodput ratio: 58/57][1.05 sec][bytes ratio: -0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 189/134 369/399 144/153][Pkt Len c2s/s2c min/avg/max/stddev: 70/64 144/140 164/172 31/43][Mapped IP/Port: 10.77.110.51:41588][TCP Fingerprint: 2_128_8192_5e2eda046ca7/Unknown][Plen Bins: 0,0,25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 192.168.12.169:43016 <-> 74.125.247.128:3478 [proto: 78.404/STUN.GoogleCall][Stack: STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 7][cat: VoIP/10][Breed: Acceptable][4 pkts/528 bytes <-> 4 pkts/408 bytes][Goodput ratio: 68/59][1.25 sec][Hostname/SNI: turn.l.google.com][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/23 342/409 974/1177 447/543][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 132/102 198/122 61/19][Mapped IP/Port: 93.47.225.225:23616][Relayed IP/Port: 10.2.0.86:44908][PLAIN TEXT (BSnLfRxS6)][Plen Bins: 12,37,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 192.168.43.169:48854 <-> 134.224.90.111:8801 [proto: 30/DTLS][Stack: STUN.DTLS][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Safe][3 pkts/660 bytes <-> 1 pkts/106 bytes][Goodput ratio: 81/60][0.12 sec][(Advertised) ALPNs: webrtc;c-webrtc][Mapped IP/Port: 93.33.105.111:8466][DTLSv1.2][JA4: dd2i0808wc_c6c2b6ec87e0_06b1ae923e2a][Firefox][PLAIN TEXT (DCBD09778680)][Plen Bins: 0,0,25,0,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 192.168.43.169:48854 <-> 134.224.90.111:8801 [proto: 30/DTLS][Stack: STUN.DTLS][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Acceptable][3 pkts/660 bytes <-> 1 pkts/106 bytes][Goodput ratio: 81/60][0.12 sec][(Advertised) ALPNs: webrtc;c-webrtc][Mapped IP/Port: 93.33.105.111:8466][DTLSv1.2][JA4: dd2i0808wc_c6c2b6ec87e0_06b1ae923e2a][Firefox][PLAIN TEXT (DCBD09778680)][Plen Bins: 0,0,25,0,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 UDP [2600:1900:4160:5999:0:19::]:3478 -> [2001:b07:a3d:c112:48a1:1094:1227:281e]:48094 [proto: 78/STUN][Stack: STUN][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][3 pkts/414 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][5.22 sec][Mapped IP/Port: [2001:b07:a3d:c112:48a1:1094:1227:281e]:48094][Rsp Origin IP/Port: [2600:1900:4160:5999:0:19::]:3478][Other IP/Port: [2600:1900:4160:5999:0:19::]:80][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (KdfbdZ2)][Plen Bins: 0,66,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 ICMP 192.168.12.169:0 -> 74.125.247.128:0 [proto: 81/ICMP][Stack: ICMP][IP: 126/Google][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/122 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.280 (Executable?)][PLAIN TEXT (62NfUD5)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

4
tests/cfgs/default/result/stun_dtls_unidirectional_client.pcap.out
View file

@ -22,7 +22,7 @@ Patricia protocols IPv6: 0/0 (search/found)
DTLS 6 1708 1
Safe 6 1708 1
Acceptable 6 1708 1
Network 6 1708 1
@ -31,4 +31,4 @@ JA Host Stats:
1 26.83.9.81 1
1 UDP 26.83.9.81:57567 -> 33.35.223.103:540 [proto: 30/DTLS][Stack: STUN.DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Safe][6 pkts/1708 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][1.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 232/0 299/0 116/0][Pkt Len c2s/s2c min/avg/max/stddev: 106/0 285/0 873/0 267/0][Mapped IP/Port: 104.193.187.21:540][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][DTLSv1.0][JA4: dd1i350400_23b9269eae60_dbc12469f409][PLAIN TEXT (ugPnBzE)][Plen Bins: 0,0,16,51,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 UDP 26.83.9.81:57567 -> 33.35.223.103:540 [proto: 30/DTLS][Stack: STUN.DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][6 pkts/1708 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][1.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 232/0 299/0 116/0][Pkt Len c2s/s2c min/avg/max/stddev: 106/0 285/0 873/0 267/0][Mapped IP/Port: 104.193.187.21:540][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][DTLSv1.0][JA4: dd1i350400_23b9269eae60_dbc12469f409][PLAIN TEXT (ugPnBzE)][Plen Bins: 0,0,16,51,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

4
tests/cfgs/default/result/stun_dtls_unidirectional_server.pcap.out
View file

@ -22,7 +22,7 @@ Patricia protocols IPv6: 0/0 (search/found)
DTLS 6 1563 1
Safe 6 1563 1
Acceptable 6 1563 1
Network 6 1563 1
@ -30,4 +30,4 @@ JA Host Stats:
IP Address # JA4C
1 UDP 33.35.223.103:540 -> 26.83.9.81:57567 [proto: 30/DTLS][Stack: STUN.DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Safe][6 pkts/1563 bytes -> 0 pkts/0 bytes][Goodput ratio: 84/0][1.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 232/0 299/0 116/0][Pkt Len c2s/s2c min/avg/max/stddev: 106/0 260/0 958/0 312/0][Mapped IP/Port: 5.36.191.232:57567][Risk: ** Self-signed Cert **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No client to server traffic / CN=LiveFoundry Inc.][DTLSv1.0][JA3S: 1974c5c625e99dc22d0477079a54aed3][Issuer: CN=LiveFoundry Inc.][Subject: CN=LiveFoundry Inc.][Certificate SHA-1: 23:F4:E7:42:93:22:91:BB:A3:54:70:97:94:2A:DE:AF:26:61:18:98][Validity: 2015-08-27 09:07:05 - 2016-08-27 09:07:05][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (LiveFoundry Inc.0)][Plen Bins: 0,0,67,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 UDP 33.35.223.103:540 -> 26.83.9.81:57567 [proto: 30/DTLS][Stack: STUN.DTLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 6][cat: Network/14][Breed: Acceptable][6 pkts/1563 bytes -> 0 pkts/0 bytes][Goodput ratio: 84/0][1.16 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 232/0 299/0 116/0][Pkt Len c2s/s2c min/avg/max/stddev: 106/0 260/0 958/0 312/0][Mapped IP/Port: 5.36.191.232:57567][Risk: ** Self-signed Cert **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No client to server traffic / CN=LiveFoundry Inc.][DTLSv1.0][JA3S: 1974c5c625e99dc22d0477079a54aed3][Issuer: CN=LiveFoundry Inc.][Subject: CN=LiveFoundry Inc.][Certificate SHA-1: 23:F4:E7:42:93:22:91:BB:A3:54:70:97:94:2A:DE:AF:26:61:18:98][Validity: 2015-08-27 09:07:05 - 2016-08-27 09:07:05][Cipher: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA][PLAIN TEXT (LiveFoundry Inc.0)][Plen Bins: 0,0,67,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

5
tests/cfgs/default/result/stun_zoom.pcapng.out
View file

@ -23,8 +23,7 @@ Patricia protocols IPv6: 0/0 (search/found)
DTLS 40 9877 1
Zoom 30 8381 1
Safe 40 9877 1
Acceptable 30 8381 1
Acceptable 70 18258 2
Network 40 9877 1
Video 30 8381 1
@ -34,5 +33,5 @@ JA Host Stats:
1 192.168.43.169 1
1 UDP 192.168.43.169:53065 <-> 134.224.90.111:8801 [proto: 30/DTLS][Stack: STUN.DTLS][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 17][cat: Network/14][Breed: Safe][19 pkts/3524 bytes <-> 21 pkts/6353 bytes][Goodput ratio: 77/86][1.19 sec][(Advertised) ALPNs: webrtc;c-webrtc][bytes ratio: -0.286 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/45 153/178 50/56][Pkt Len c2s/s2c min/avg/max/stddev: 91/56 185/303 231/1094 42/390][Mapped IP/Port: 93.33.105.111:8466][nDPI Fingerprint: 53fc3595190d1a92663b2e552af49022][DTLSv1.2][JA4: dd2i0808wc_c6c2b6ec87e0_06b1ae923e2a][Firefox][PLAIN TEXT (webrtc)][Plen Bins: 5,15,27,2,27,10,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 UDP 192.168.43.169:53065 <-> 134.224.90.111:8801 [proto: 30/DTLS][Stack: STUN.DTLS][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 17][cat: Network/14][Breed: Acceptable][19 pkts/3524 bytes <-> 21 pkts/6353 bytes][Goodput ratio: 77/86][1.19 sec][(Advertised) ALPNs: webrtc;c-webrtc][bytes ratio: -0.286 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/45 153/178 50/56][Pkt Len c2s/s2c min/avg/max/stddev: 91/56 185/303 231/1094 42/390][Mapped IP/Port: 93.33.105.111:8466][nDPI Fingerprint: 53fc3595190d1a92663b2e552af49022][DTLSv1.2][JA4: dd2i0808wc_c6c2b6ec87e0_06b1ae923e2a][Firefox][PLAIN TEXT (webrtc)][Plen Bins: 5,15,27,2,27,10,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.43.169:48854 <-> 134.224.90.111:8801 [proto: 30.189/DTLS.Zoom][Stack: STUN.DTLS.Zoom][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 14][cat: Video/26][Breed: Acceptable][13 pkts/2491 bytes <-> 17 pkts/5890 bytes][Goodput ratio: 78/88][0.76 sec][(Advertised) ALPNs: webrtc;c-webrtc][bytes ratio: -0.406 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 73/43 200/286 59/80][Pkt Len c2s/s2c min/avg/max/stddev: 91/56 192/346 231/1094 40/422][Mapped IP/Port: 93.33.105.111:8466][nDPI Fingerprint: 53fc3595190d1a92663b2e552af49022][DTLSv1.2][JA4: dd2i0808wc_c6c2b6ec87e0_06b1ae923e2a][ServerNames: *.cloud.zoom.us][JA3S: 323ab23be4a686962b978f9ca6735add][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us][Certificate SHA-1: FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9][Firefox][Validity: 2022-01-22 00:00:00 - 2023-01-24 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256][PLAIN TEXT (DCBD09778680)][Plen Bins: 10,13,23,0,26,10,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

2
tests/cfgs/default/result/synscan.pcap.out
View file

@ -90,11 +90,11 @@ LDP 2 116 2
JRMI 2 116 2
iSCSI 2 116 2
Unrated 1846 107076 1842
Safe 14 812 14
Acceptable 135 7856 122
Fun 8 464 8
Unsafe 8 464 8
Unrated 1846 107076 1842
Unspecified 1848 107192 1844
Media 4 232 4

2
tests/cfgs/default/result/syslog.pcap.out
View file

@ -25,8 +25,8 @@ Patricia protocols IPv6: 2/0 (search/found)
Unknown 1 78 1
Syslog 93 20321 21
Acceptable 93 20321 21
Unrated 1 78 1
Acceptable 93 20321 21
Unspecified 1 78 1
System 93 20321 21

2
tests/cfgs/default/result/tcp_scan.pcapng.out
View file

@ -29,9 +29,9 @@ SMBv23 2 138 1
RDP 2 118 1
TLS 4 272 1
Unrated 6 342 3
Safe 4 272 1
Acceptable 8 528 3
Unrated 6 342 3
Unspecified 6 342 3
Web 8 544 2

44
tests/cfgs/default/result/teams.pcap.out
View file

@ -40,10 +40,10 @@ Spotify 1 82 1
Microsoft365 531 334618 13
Teams 722 277403 23
Safe 782 298577 28
Acceptable 711 377880 53
Fun 1 82 1
Unrated 4 456 1
Safe 163 64819 9
Acceptable 1330 611638 72
Fun 1 82 1
Unspecified 4 456 1
Web 23 11660 3
@ -60,43 +60,43 @@ JA Host Stats:
1 TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 9][cat: Collaborative/15][Breed: Acceptable][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0]
2 TCP 192.168.1.6:60532 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][49 pkts/58592 bytes <-> 28 pkts/6555 bytes][Goodput ratio: 94/72][0.71 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.799 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/29 177/221 32/57][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1196/234 1494/1506 564/435][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 2,2,2,0,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,81,4,0,0]
3 TCP 192.168.1.6:60554 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Safe][24 pkts/2746 bytes <-> 28 pkts/30546 bytes][Goodput ratio: 52/95][0.23 sec][Hostname/SNI: config.teams.microsoft.com][bytes ratio: -0.835 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 21/140 7/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 114/1091 1136/1506 217/607][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Firefox][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,0,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,7,0,0,0,0,0,65,0,0]
3 TCP 192.168.1.6:60554 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][24 pkts/2746 bytes <-> 28 pkts/30546 bytes][Goodput ratio: 52/95][0.23 sec][Hostname/SNI: config.teams.microsoft.com][bytes ratio: -0.835 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 21/140 7/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 114/1091 1136/1506 217/607][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Firefox][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,0,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,7,0,0,0,0,0,65,0,0]
4 TCP 192.168.1.6:60561 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][Breed: Acceptable][23 pkts/19184 bytes <-> 14 pkts/5643 bytes][Goodput ratio: 92/83][0.82 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.545 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/44 161/136 43/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 834/403 1494/1506 690/567][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 4,4,4,0,0,0,9,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,60,9,0,0]
5 TCP 192.168.1.6:60535 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 16][cat: Collaborative/15][Breed: Acceptable][21 pkts/16793 bytes <-> 13 pkts/5565 bytes][Goodput ratio: 92/84][0.33 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.502 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/18 48/49 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 800/428 1494/1506 681/581][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,53,10,0,0]
6 TCP 192.168.1.6:60559 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][21 pkts/15525 bytes <-> 12 pkts/5499 bytes][Goodput ratio: 91/85][0.35 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/21 52/51 22/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 739/458 1494/1506 682/595][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,52,11,0,0]
7 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][Hostname/SNI: presence.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
7 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][Hostname/SNI: presence.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
8 TCP 192.168.1.6:60549 <-> 13.107.18.11:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 21/Outlook][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][Breed: Acceptable][28 pkts/7696 bytes <-> 26 pkts/9797 bytes][Goodput ratio: 80/85][1.16 sec][Hostname/SNI: substrate.office.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/23 539/167 115/43][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 275/377 1494/1506 397/471][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com][Certificate SHA-1: AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2][Validity: 2019-07-12 00:00:00 - 2021-07-12 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,22,7,0,7,0,7,0,0,3,3,0,0,0,3,0,7,0,3,0,10,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
9 TCP 192.168.1.6:60548 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][18 pkts/12047 bytes <-> 11 pkts/5433 bytes][Goodput ratio: 90/86][0.32 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/23 51/51 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 669/494 1494/1506 669/609][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 6,6,6,0,0,0,6,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,44,12,0,0]
10 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 12][cat: Collaborative/15][Breed: Safe][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0]
11 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0]
10 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0]
11 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0]
12 TCP 192.168.1.6:60537 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][16 pkts/8418 bytes <-> 10 pkts/5367 bytes][Goodput ratio: 87/88][0.27 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/27 46/46 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 526/537 1494/1506 639/623][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,7,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,31,15,0,0]
13 TCP 192.168.1.6:60555 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 11][cat: Collaborative/15][Breed: Acceptable][18 pkts/5861 bytes <-> 13 pkts/7901 bytes][Goodput ratio: 80/89][2.79 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: -0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 192/269 2443/2490 625/741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/608 1494/1506 448/617][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Firefox][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,11,0,0,5,0,0,0,5,5,0,0,11,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,22,0,0]
14 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 78/STUN][Stack: STUN][IP: 276/Azure][ClearText][Confidence: Match by port][FPC: 250/Teams, Confidence: DNS][DPI packets: 7][cat: Network/14][Breed: Acceptable][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.927 (Compressed Executable?)][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0]
15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: DNS][DPI packets: 16][cat: Collaborative/15][Breed: Safe][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0]
16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0]
17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][Breed: Safe][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0]
15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: DNS][DPI packets: 16][cat: Collaborative/15][Breed: Acceptable][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0]
16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0]
17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][Breed: Acceptable][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0]
18 TCP 192.168.1.6:60556 <-> 40.126.9.7:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: IP address][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][15 pkts/4178 bytes <-> 12 pkts/7795 bytes][Goodput ratio: 76/90][0.43 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/45 105/135 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 279/650 1494/1506 415/671][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0]
19 TCP 192.168.1.6:60560 <-> 40.126.9.67:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: IP address][DPI packets: 9][cat: Collaborative/15][Breed: Acceptable][14 pkts/4099 bytes <-> 12 pkts/7812 bytes][Goodput ratio: 77/90][0.36 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.312 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/20 107/54 31/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 293/651 1494/1506 427/672][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][ServerNames: login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com][JA3S: 678aeaf909676262acfb913ccb78a126][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=stamp2.login.microsoftonline.com][Certificate SHA-1: 7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63][Safari][Validity: 2018-09-24 21:49:30 - 2020-09-24 21:49:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0]
20 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][Hostname/SNI: northeurope.notifications.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
20 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][Hostname/SNI: northeurope.notifications.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
21 TCP 192.168.1.6:60562 <-> 104.40.187.151:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 276/Azure, Confidence: IP address][DPI packets: 16][cat: Collaborative/15][Breed: Safe][19 pkts/3484 bytes <-> 13 pkts/8009 bytes][Goodput ratio: 63/89][0.29 sec][Hostname/SNI: api.microsoftstream.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/12 45/45 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/616 1379/1506 297/613][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,22,0,0,0,5,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,22,0,0]
22 TCP 192.168.1.6:60563 <-> 52.169.186.119:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 276/Azure, Confidence: IP address][DPI packets: 16][cat: Collaborative/15][Breed: Safe][17 pkts/3244 bytes <-> 12 pkts/8152 bytes][Goodput ratio: 65/90][0.22 sec][Hostname/SNI: euno-1.api.microsoftstream.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/13 69/48 22/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 191/679 1352/1506 306/618][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,18,18,0,0,0,6,6,0,0,0,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,25,0,0]
23 TCP 192.168.1.6:60552 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][14 pkts/5842 bytes <-> 11 pkts/5445 bytes][Goodput ratio: 84/86][0.66 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/71 143/237 42/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 417/495 1494/1506 527/609][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 8,8,8,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,16,16,0,0]
24 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Safe][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][Hostname/SNI: config.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0]
25 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 12][cat: Collaborative/15][Breed: Safe][13 pkts/3676 bytes <-> 10 pkts/6984 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.310 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 13/15 5/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 283/698 1494/1506 438/666][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,15,0,7,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0]
24 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][Hostname/SNI: config.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0]
25 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][13 pkts/3676 bytes <-> 10 pkts/6984 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.310 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 13/15 5/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 283/698 1494/1506 438/666][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,15,0,7,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0]
26 TCP 192.168.1.6:60568 <-> 40.79.138.41:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][12 pkts/2175 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.18 sec][Hostname/SNI: gate.hockeyapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.581 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/22 37/68 16/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/912 599/1506 178/631][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0]
27 TCP 192.168.1.6:60564 <-> 40.79.138.41:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][12 pkts/2159 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.17 sec][Hostname/SNI: gate.hockeyapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.584 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/20 33/42 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 180/912 599/1506 176/631][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0]
28 TCP 192.168.1.6:60551 <-> 52.114.15.45:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 11][cat: Collaborative/15][Breed: Safe][13 pkts/2426 bytes <-> 11 pkts/7772 bytes][Goodput ratio: 70/92][0.88 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/90 207/235 82/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/707 1393/1506 353/636][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2][Subject: CN=*.trouter.teams.microsoft.com][Certificate SHA-1: DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4][Firefox][Validity: 2019-11-29 17:57:58 - 2021-11-29 17:57:58][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,24,0,7,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,31,0,0]
28 TCP 192.168.1.6:60551 <-> 52.114.15.45:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 11][cat: Collaborative/15][Breed: Acceptable][13 pkts/2426 bytes <-> 11 pkts/7772 bytes][Goodput ratio: 70/92][0.88 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/90 207/235 82/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/707 1393/1506 353/636][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2][Subject: CN=*.trouter.teams.microsoft.com][Certificate SHA-1: DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4][Firefox][Validity: 2019-11-29 17:57:58 - 2021-11-29 17:57:58][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,24,0,7,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,31,0,0]
29 TCP 192.168.1.6:60534 <-> 40.126.9.5:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: IP address][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][15 pkts/2846 bytes <-> 10 pkts/7289 bytes][Goodput ratio: 64/91][0.20 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.438 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/21 41/53 16/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/729 1471/1506 349/665][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 9,9,0,18,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,36,0,0]
30 TCP 162.125.19.131:443 <-> 192.168.1.6:60344 [proto: 91/TLS][Stack: TLS][IP: 121/Dropbox][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][Breed: Safe][8 pkts/761 bytes <-> 8 pkts/9347 bytes][Goodput ratio: 31/94][0.12 sec][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/1 111/4 41/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/1168 299/1494 77/500][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,63,0,0,0]
31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Safe][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.TeamsCall][Stack: STUN.TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][Breed: Acceptable][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Mapped IP/Port: 93.71.110.205:16332][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 13][cat: Collaborative/15][Breed: Safe][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 14][cat: Collaborative/15][Breed: Safe][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 13][cat: Collaborative/15][Breed: Acceptable][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 14][cat: Collaborative/15][Breed: Acceptable][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][Stack: TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][Breed: Safe][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][nDPI Fingerprint: c065e46d9db9a0ceb94dd29c4017c325][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][Stack: TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][Breed: Safe][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][nDPI Fingerprint: c065e46d9db9a0ceb94dd29c4017c325][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.TeamsCall][Stack: STUN.TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 7][cat: VoIP/10][Breed: Acceptable][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][Mapped IP/Port: 93.71.110.205:16333][Peer IP/Port: 18.140.192.228:28678][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

2
tests/cfgs/default/result/telegram.pcap.out
View file

@ -33,10 +33,10 @@ Google 6 5708 2
Spotify 9 742 2
Telegram 908 185304 12
Unrated 306 72708 3
Acceptable 1250 263132 42
Fun 9 742 2
Dangerous 1 243 1
Unrated 306 72708 3
Unspecified 306 72708 3
Web 6 5708 2

4
tests/cfgs/default/result/tls_alert.pcap.out
View file

@ -24,7 +24,7 @@ TLS 7 533 1
Google 11 952 1
Safe 7 533 1
Acceptable 11 952 1
Tracker_Ads 11 952 1
Web 7 533 1
Advertisement 11 952 1
@ -34,5 +34,5 @@ JA Host Stats:
1 192.168.1.192 1
1 TCP 192.168.1.192:63158 <-> 192.168.1.20:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: Advertisement/101][Breed: Acceptable][6 pkts/607 bytes <-> 5 pkts/345 bytes][Goodput ratio: 33/2][0.00 sec][Hostname/SNI: www.google-analytics.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.275 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/69 265/74 73/4][Risk: ** Obsolete TLS (v1.1 or older) **** TLS Fatal Alert **][Risk Score: 110][Risk Info: Found fatal TLS alert / TLSv1][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1][JA4: t10d0909h2_61c4dbd01224_cc731f12afbb][Plen Bins: 50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 TCP 192.168.1.192:63158 <-> 192.168.1.20:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: Advertisement/101][Breed: Tracker_Ads][6 pkts/607 bytes <-> 5 pkts/345 bytes][Goodput ratio: 33/2][0.00 sec][Hostname/SNI: www.google-analytics.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: 0.275 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 101/69 265/74 73/4][Risk: ** Obsolete TLS (v1.1 or older) **** TLS Fatal Alert **][Risk Score: 110][Risk Info: Found fatal TLS alert / TLSv1][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1][JA4: t10d0909h2_61c4dbd01224_cc731f12afbb][Plen Bins: 50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 192.168.2.100:37780 -> 160.44.202.202:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][Breed: Safe][7 pkts/533 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][3.67 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3/0 612/0 1878/0 656/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 76/0 85/0 14/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

24
tests/cfgs/default/result/tls_certificate_too_long.pcap.out
View file

@ -34,9 +34,9 @@ IGMP 2 92 2
TLS 136 54497 5
Microsoft 113 46265 10
Safe 249 100762 15
Acceptable 53 6650 19
Unrated 13 5582 1
Safe 136 54497 5
Acceptable 166 52915 29
Unspecified 13 5582 1
Web 227 94723 13
@ -51,16 +51,16 @@ JA Host Stats:
1 TCP 192.168.1.121:53428 <-> 52.98.163.18:443 [proto: 91/TLS][Stack: TLS][IP: 21/Outlook][Encrypted][Confidence: DPI][FPC: 21/Outlook, Confidence: IP address][DPI packets: 6][cat: Web/5][Breed: Safe][29 pkts/21518 bytes <-> 43 pkts/11702 bytes][Goodput ratio: 93/80][0.38 sec][bytes ratio: 0.295 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/7 67/51 19/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 742/272 1502/1366 612/367][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,35,7,0,3,5,3,1,0,1,0,0,3,0,0,0,0,0,0,0,3,0,0,0,0,0,0,10,0,1,0,0,1,0,0,0,0,0,3,0,3,1,0,0,0,15,0,0]
2 TCP 192.168.1.121:53429 <-> 52.98.163.18:443 [proto: 91/TLS][Stack: TLS][IP: 21/Outlook][Encrypted][Confidence: DPI][FPC: 21/Outlook, Confidence: IP address][DPI packets: 8][cat: Web/5][Breed: Safe][16 pkts/10693 bytes <-> 38 pkts/9863 bytes][Goodput ratio: 92/79][0.15 sec][bytes ratio: 0.040 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 17/42 5/9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 668/260 1502/1372 596/276][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,20,2,2,2,0,29,17,2,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,4,0,0,2,0,0,0,0,0,0,0,0,0,2,2,0,0,0,9,0,0]
3 TCP 192.168.1.121:53911 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Safe][7 pkts/919 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 56/93][0.25 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.637 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/17 51/50 25/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131/829 571/1502 180/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
4 TCP 192.168.1.121:53915 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Safe][7 pkts/919 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 56/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.637 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/18 53/53 25/25][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131/829 571/1502 180/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
5 TCP 192.168.1.121:53916 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 9][cat: Web/5][Breed: Safe][7 pkts/919 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 56/93][0.19 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.637 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/17 51/50 25/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131/829 571/1502 180/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
6 TCP 192.168.1.121:53910 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Safe][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.28 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/16 138/48 50/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
7 TCP 192.168.1.121:53914 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Safe][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.15 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/16 48/48 22/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
8 TCP 192.168.1.121:53917 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Safe][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/17 50/50 22/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
9 TCP 192.168.1.121:53918 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Safe][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/17 51/51 23/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
10 TCP 192.168.1.121:53919 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Safe][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/16 48/48 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
11 TCP 192.168.1.121:53913 <-> 2.22.33.235:80 [proto: 7.212/HTTP.Microsoft][Stack: HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 6][cat: Download/7][Breed: Safe][6 pkts/621 bytes <-> 5 pkts/2517 bytes][Goodput ratio: 34/87][0.04 sec][Hostname/SNI: www.microsoft.com][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 20/11 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/503 279/1502 79/576][URL: www.microsoft.com/pkiops/certs/MicSecSerCA2011_2011-10-18.crt][StatusCode: 200][Content-Type: application/octet-stream][User-Agent: com.apple.trustd/2.0][Risk: ** HTTP Susp Header **** Binary File/Data Transfer (Attempt) **][Risk Score: 150][Risk Info: Found binary mime octet-stream / Found TLS_version: UNKNOWN][TCP Fingerprint: 2_64_65535_d29295416479/macOS][PLAIN TEXT (GET /pkiops/certs/MicSecSerCA)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0]
12 TCP 192.168.1.121:53912 <-> 2.22.33.235:80 [proto: 7.212/HTTP.Microsoft][Stack: HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][Breed: Safe][6 pkts/619 bytes <-> 5 pkts/2282 bytes][Goodput ratio: 34/85][0.05 sec][Hostname/SNI: www.microsoft.com][bytes ratio: -0.573 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 21/11 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/456 277/1502 78/558][URL: www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt][StatusCode: 200][Content-Type: application/octet-stream][User-Agent: com.apple.trustd/2.0][Risk: ** HTTP Susp Header **** Binary File/Data Transfer (Attempt) **][Risk Score: 150][Risk Info: Found binary mime octet-stream / Found TLS_version: UNKNOWN][TCP Fingerprint: 2_64_65535_d29295416479/macOS][PLAIN TEXT (GET /pki/certs/MicRooCerAut)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0]
3 TCP 192.168.1.121:53911 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Acceptable][7 pkts/919 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 56/93][0.25 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.637 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/17 51/50 25/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131/829 571/1502 180/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
4 TCP 192.168.1.121:53915 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 8][cat: Web/5][Breed: Acceptable][7 pkts/919 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 56/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.637 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/18 53/53 25/25][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131/829 571/1502 180/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
5 TCP 192.168.1.121:53916 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 9][cat: Web/5][Breed: Acceptable][7 pkts/919 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 56/93][0.19 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.637 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/17 51/50 25/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131/829 571/1502 180/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
6 TCP 192.168.1.121:53910 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Acceptable][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.28 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/16 138/48 50/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
7 TCP 192.168.1.121:53914 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Acceptable][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.15 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/16 48/48 22/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
8 TCP 192.168.1.121:53917 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Acceptable][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/17 50/50 22/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
9 TCP 192.168.1.121:53918 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Acceptable][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 21/17 51/51 23/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
10 TCP 192.168.1.121:53919 <-> 40.113.10.47:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 7][cat: Web/5][Breed: Acceptable][6 pkts/865 bytes <-> 5 pkts/4143 bytes][Goodput ratio: 60/93][0.16 sec][Hostname/SNI: wdcp.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.655 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/16 48/48 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 144/829 571/1502 191/652][Risk: ** TLS Cert Validity Too Long **][Risk Score: 50][Risk Info: TLS Cert lasts 455 days][nDPI Fingerprint: 34597e73b20c9f336f0a0716b81c8920][TCP Fingerprint: 2_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d2613h2_2802a3db6c62_845d286b0d67][ServerNames: wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com][JA3S: 17e97216fa7f4ec8c43090c6eed97c25][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com][Certificate SHA-1: 81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22][Safari][Validity: 2020-12-10 19:38:28 - 2022-03-10 19:38:28][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]
11 TCP 192.168.1.121:53913 <-> 2.22.33.235:80 [proto: 7.212/HTTP.Microsoft][Stack: HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 6][cat: Download/7][Breed: Acceptable][6 pkts/621 bytes <-> 5 pkts/2517 bytes][Goodput ratio: 34/87][0.04 sec][Hostname/SNI: www.microsoft.com][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 20/11 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 104/503 279/1502 79/576][URL: www.microsoft.com/pkiops/certs/MicSecSerCA2011_2011-10-18.crt][StatusCode: 200][Content-Type: application/octet-stream][User-Agent: com.apple.trustd/2.0][Risk: ** HTTP Susp Header **** Binary File/Data Transfer (Attempt) **][Risk Score: 150][Risk Info: Found binary mime octet-stream / Found TLS_version: UNKNOWN][TCP Fingerprint: 2_64_65535_d29295416479/macOS][PLAIN TEXT (GET /pkiops/certs/MicSecSerCA)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0]
12 TCP 192.168.1.121:53912 <-> 2.22.33.235:80 [proto: 7.212/HTTP.Microsoft][Stack: HTTP.Microsoft][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][Breed: Acceptable][6 pkts/619 bytes <-> 5 pkts/2282 bytes][Goodput ratio: 34/85][0.05 sec][Hostname/SNI: www.microsoft.com][bytes ratio: -0.573 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/7 21/11 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 103/456 277/1502 78/558][URL: www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt][StatusCode: 200][Content-Type: application/octet-stream][User-Agent: com.apple.trustd/2.0][Risk: ** HTTP Susp Header **** Binary File/Data Transfer (Attempt) **][Risk Score: 150][Risk Info: Found binary mime octet-stream / Found TLS_version: UNKNOWN][TCP Fingerprint: 2_64_65535_d29295416479/macOS][PLAIN TEXT (GET /pki/certs/MicRooCerAut)][Plen Bins: 0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0]
13 UDP 192.168.1.121:52251 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 5][cat: Network/14][Breed: Acceptable][8 pkts/767 bytes <-> 8 pkts/1085 bytes][Goodput ratio: 56/69][1.01 sec][Hostname/SNI: 60.21.149.52.in-addr.arpa][0.0.0.0][DNS Id: 0xaa4b][bytes ratio: -0.172 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 165/2 988/5 368/2][Pkt Len c2s/s2c min/avg/max/stddev: 80/86 96/136 132/196 21/42][Risk: ** Error Code **][Risk Score: 10][Risk Info: DNS Error Code NXDOMAIN][PLAIN TEXT (msnhst)][Plen Bins: 0,57,18,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 UDP 192.168.1.121:51998 <-> 8.8.8.8:53 [proto: 5/DNS][Stack: DNS][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][3 pkts/255 bytes <-> 3 pkts/449 bytes][Goodput ratio: 50/72][1.02 sec][Hostname/SNI: 235.33.22.2.in-addr.arpa][0.0.0.0][DNS Id: 0xa2d1][DNS Ptr: a2-22-33-235.deploy.static.akamaitechnologies.com][bytes ratio: -0.276 (Download)][IAT c2s/s2c min/avg/max/stddev: 999/996 500/498 999/996 500/498][Pkt Len c2s/s2c min/avg/max/stddev: 84/131 85/150 86/171 1/16][PLAIN TEXT (deploy)][Plen Bins: 0,51,16,16,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
15 UDP 192.168.1.121:5353 -> 192.168.1.139:5353 [proto: 8/MDNS][Stack: MDNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 8/MDNS, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/383 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][< 1 sec][Hostname/SNI: _companion-link._tcp.local][_companion-link._tcp.local][PLAIN TEXT (companion)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

2
tests/cfgs/default/result/tls_heur__shadowsocks-tcp.pcapng.out
View file

@ -27,9 +27,9 @@ DNS 4 772 1
YouTube 41 36148 1
SOCKS 30 21330 1
Unrated 25 22923 1
Acceptable 34 22102 2
Fun 41 36148 1
Unrated 25 22923 1
Unspecified 25 22923 1
Media 41 36148 1

2
tests/cfgs/default/result/tls_heur__vmess-tcp.pcapng.out
View file

@ -27,9 +27,9 @@ DNS 4 900 1
YouTube 37 24955 1
SOCKS 30 21345 1
Unrated 29 22543 1
Acceptable 34 22245 2
Fun 37 24955 1
Unrated 29 22543 1
Unspecified 29 22543 1
Media 37 24955 1

6
tests/cfgs/default/result/tor-browser.pcap.out
View file

@ -28,8 +28,8 @@ TLS 2 168 1
Tor 113 57510 5
Microsoft 29 10820 1
Safe 31 10988 2
Acceptable 21 10489 2
Safe 2 168 1
Acceptable 50 21309 3
Potentially_Dangerous 113 57510 5
VPN 113 57510 5
@ -43,7 +43,7 @@ JA Host Stats:
1 TCP 192.168.0.123:64623 <-> 86.3.18.251:443 [proto: 91.163/TLS.Tor][Stack: TLS.Tor][IP: 163/Tor][Encrypted][Confidence: DPI][FPC: 163/Tor, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Potentially_Dangerous][21 pkts/11828 bytes <-> 26 pkts/12847 bytes][Goodput ratio: 90/89][4.45 sec][Hostname/SNI: www.sodinn6.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.041 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 248/190 2373/2352 553/486][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 563/494 2132/1414 515/421][Risk: ** TLS (probably) Not Carrying HTTPS **** Unsafe Protocol **][Risk Score: 20][Risk Info: No ALPN][nDPI Fingerprint: 9159a3758e381345a070820d5342374c][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.3][JA4: t13d181100_6c2ba73853a4_d41ae481755e][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,2,8,0,0,0,2,0,0,0,0,0,0,0,0,0,67,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,2,0,0,2,0,0,0,0,0,5,0,0,0,0,5]
2 TCP 192.168.0.123:64624 <-> 178.17.170.254:443 [proto: 91.163/TLS.Tor][Stack: TLS.Tor][IP: 163/Tor][Encrypted][Confidence: DPI][FPC: 163/Tor, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Potentially_Dangerous][16 pkts/9928 bytes <-> 19 pkts/10825 bytes][Goodput ratio: 91/90][1.05 sec][Hostname/SNI: www.2xik.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.043 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 60/59 96/101 29/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 620/570 2132/1414 589/475][Risk: ** TLS (probably) Not Carrying HTTPS **** Unsafe Protocol **][Risk Score: 20][Risk Info: No ALPN][nDPI Fingerprint: 9159a3758e381345a070820d5342374c][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.3][JA4: t13d181100_6c2ba73853a4_d41ae481755e][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,3,11,0,0,0,3,0,0,0,0,0,0,0,0,0,45,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,7,7,0,0,3,0,0,0,0,0,7,0,0,0,0,7]
3 TCP 192.168.0.123:64613 <-> 172.211.159.152:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 13][cat: Web/5][Breed: Safe][15 pkts/3053 bytes <-> 14 pkts/7767 bytes][Goodput ratio: 73/90][0.15 sec][Hostname/SNI: checkappexec.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.436 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/7 30/40 12/14][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 204/555 1553/1414 369/578][nDPI Fingerprint: ca8f8226eec7026224af3e1aa3edc1aa][TCP Fingerprint: 2_128_65535_6bb88f5575fd/Windows][TLSv1.2][JA4: t12d1909h2_d83cc789557e_7af1ed941c26][ServerNames: smartscreen.microsoft.com,*.wds.microsoft.com,*.urs.microsoft.com,*.smartscreen.microsoft.com,apprep.smartscreen.microsoft.com,beta.apprep.smartscreen.microsoft.com,beta.w.apprep.smartscreen.microsoft.com,w.apprep.smartscreen.microsoft.com,urs.microsoft.com,beta.urs.microsoft.com,c.urs.microsoft.com,i.apprep.smartscreen.microsoft.com,i.w.apprep.smartscreen.microsoft.com,t.urs.microsoft.com,beta.t.urs.microsoft.com,telemetry.urs.microsoft.com,d.urs.microsoft.com,x.urs.microsoft.com,p.urs.microsoft.com,api.smartscreen.microsoft.com,urs.smartscreen.microsoft.com,ars.smartscreen.microsoft.com,cp.smartscreen.microsoft.com,checkappexec.microsoft.com,data.checkappexec.microsoft.com,ping.checkappexec.microsoft.com,t.checkappexec.microsoft.com,pf.checkappexec.microsoft.com,sl.smartscreen.microsoft.com,ping.smartscreen.microsoft.com,nf.smartscreen.microsoft.com,data.nf.smartscreen.microsoft.com,ping.nf.smartscreen.microsoft.com,t.nf.smartscreen.microsoft.com,nav.smartscreen.microsoft.com,data.nav.smartscreen.microsoft.com,ping.nav.smartscreen.microsoft.com,t.nav.smartscreen.microsoft.com,bf.smartscreen.microsoft.com,t.bf.smartscreen.microsoft.com,smartscreen-prod.microsoft.com,*.smartscreen-prod.microsoft.com][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 04][Subject: C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=smartscreen.microsoft.com][Certificate SHA-1: 83:0D:87:5A:F6:F1:FA:DC:94:4D:7E:AD:7C:8B:71:47:6A:BB:DC:2B][Firefox][Validity: 2025-01-16 14:02:54 - 2025-07-15 14:02:54][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 5,18,18,0,0,0,5,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,5,0]
3 TCP 192.168.0.123:64613 <-> 172.211.159.152:443 [proto: 91.212/TLS.Microsoft][Stack: TLS.Microsoft][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 13][cat: Web/5][Breed: Acceptable][15 pkts/3053 bytes <-> 14 pkts/7767 bytes][Goodput ratio: 73/90][0.15 sec][Hostname/SNI: checkappexec.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.436 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/7 30/40 12/14][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 204/555 1553/1414 369/578][nDPI Fingerprint: ca8f8226eec7026224af3e1aa3edc1aa][TCP Fingerprint: 2_128_65535_6bb88f5575fd/Windows][TLSv1.2][JA4: t12d1909h2_d83cc789557e_7af1ed941c26][ServerNames: smartscreen.microsoft.com,*.wds.microsoft.com,*.urs.microsoft.com,*.smartscreen.microsoft.com,apprep.smartscreen.microsoft.com,beta.apprep.smartscreen.microsoft.com,beta.w.apprep.smartscreen.microsoft.com,w.apprep.smartscreen.microsoft.com,urs.microsoft.com,beta.urs.microsoft.com,c.urs.microsoft.com,i.apprep.smartscreen.microsoft.com,i.w.apprep.smartscreen.microsoft.com,t.urs.microsoft.com,beta.t.urs.microsoft.com,telemetry.urs.microsoft.com,d.urs.microsoft.com,x.urs.microsoft.com,p.urs.microsoft.com,api.smartscreen.microsoft.com,urs.smartscreen.microsoft.com,ars.smartscreen.microsoft.com,cp.smartscreen.microsoft.com,checkappexec.microsoft.com,data.checkappexec.microsoft.com,ping.checkappexec.microsoft.com,t.checkappexec.microsoft.com,pf.checkappexec.microsoft.com,sl.smartscreen.microsoft.com,ping.smartscreen.microsoft.com,nf.smartscreen.microsoft.com,data.nf.smartscreen.microsoft.com,ping.nf.smartscreen.microsoft.com,t.nf.smartscreen.microsoft.com,nav.smartscreen.microsoft.com,data.nav.smartscreen.microsoft.com,ping.nav.smartscreen.microsoft.com,t.nav.smartscreen.microsoft.com,bf.smartscreen.microsoft.com,t.bf.smartscreen.microsoft.com,smartscreen-prod.microsoft.com,*.smartscreen-prod.microsoft.com][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 04][Subject: C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=smartscreen.microsoft.com][Certificate SHA-1: 83:0D:87:5A:F6:F1:FA:DC:94:4D:7E:AD:7C:8B:71:47:6A:BB:DC:2B][Firefox][Validity: 2025-01-16 14:02:54 - 2025-07-15 14:02:54][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 5,18,18,0,0,0,5,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,5,0]
4 ICMP 192.168.0.16:0 -> 192.168.0.123:0 [proto: 81/ICMP][Stack: ICMP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][19 pkts/10194 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][23.29 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 6/0 1228/0 7220/0 1704/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 537/0 590/0 156/0][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 4.948 (Executable?)][PLAIN TEXT ( www.v2)][Plen Bins: 0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,89,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 192.168.0.123:64622 <-> 178.17.170.254:443 [proto: 91.163/TLS.Tor][Stack: TLS.Tor][IP: 163/Tor][Encrypted][Confidence: DPI][FPC: 163/Tor, Confidence: IP address][DPI packets: 13][cat: VPN/2][Breed: Potentially_Dangerous][12 pkts/5313 bytes <-> 1 pkts/62 bytes][Goodput ratio: 88/0][21.70 sec][Hostname/SNI: www.v2trefdg62xsck3upw2iad5y.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.977 (Upload)][IAT c2s/s2c min/avg/max/stddev: 14/0 1929/0 9605/0 2882/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/62 443/62 571/62 222/0][Risk: ** TLS (probably) Not Carrying HTTPS **** Susp DGA Domain name **** Unsafe Protocol **][Risk Score: 120][Risk Info: v2trefdg62xsck3upw2iad5y.com / No ALPN][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.2][JA4: t13d181100_6c2ba73853a4_d41ae481755e][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 TCP 192.168.0.123:64621 <-> 86.3.18.251:443 [proto: 91.163/TLS.Tor][Stack: TLS.Tor][IP: 163/Tor][Encrypted][Confidence: DPI][FPC: 163/Tor, Confidence: IP address][DPI packets: 11][cat: VPN/2][Breed: Potentially_Dangerous][10 pkts/4171 bytes <-> 1 pkts/66 bytes][Goodput ratio: 87/0][19.33 sec][Hostname/SNI: www.w2f34byk6sroic.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.969 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1214/0 4813/0 1548/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 417/66 571/66 235/0][Risk: ** TLS (probably) Not Carrying HTTPS **** Susp DGA Domain name **** Unsafe Protocol **][Risk Score: 120][Risk Info: w2f34byk6sroic.com / No ALPN][TCP Fingerprint: 2_128_64240_6bb88f5575fd/Windows][TLSv1.2][JA4: t13d181100_6c2ba73853a4_d41ae481755e][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

7
tests/cfgs/default/result/tumblr.pcap.out
View file

@ -29,9 +29,10 @@ TLS 470 181062 42
Google 107 85437 1
GoogleServices 63 44980 1
Safe 501 190995 43
Safe 447 173873 41
Acceptable 170 130417 2
Fun 84 38260 2
Tracker_Ads 54 17122 2
Web 617 304290 43
SocialNetwork 84 38260 2
@ -51,10 +52,10 @@ JA Host Stats:
7 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56794 <-> [64:ff9b::c000:4d03]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 13][cat: Web/5][Breed: Safe][19 pkts/2795 bytes <-> 24 pkts/15989 bytes][Goodput ratio: 42/87][0.06 sec][bytes ratio: -0.702 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 26/10 7/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 147/666 340/1486 72/675][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 26,10,3,10,10,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,33,0,0,0,0]
8 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:42908 <-> [64:ff9b::98c7:1593]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 7][cat: Web/5][Breed: Safe][16 pkts/1983 bytes <-> 18 pkts/15822 bytes][Goodput ratio: 31/90][1.30 sec][bytes ratio: -0.777 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 108/76 700/700 209/196][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 124/879 468/1486 93/651][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 5,22,0,5,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,51,0,0,0,0]
9 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:43420 <-> [64:ff9b::c000:4d28]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Safe][15 pkts/1601 bytes <-> 16 pkts/13434 bytes][Goodput ratio: 19/90][0.05 sec][bytes ratio: -0.787 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/2 37/10 10/3][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 107/840 246/1486 53/668][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 25,6,0,0,6,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0]
10 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39152 <-> [64:ff9b::6006:749]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Safe][18 pkts/5773 bytes <-> 17 pkts/6416 bytes][Goodput ratio: 73/77][17.45 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/6 1233/1326 16556/16588 4251/4407][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 321/377 850/1365 296/411][nDPI Fingerprint: c319a473134b5a21339cf22e7be4e8db][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_0ece2fe8a3fb][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,6,0,0,0,0,0,25,0,0,0,0,12,0,0,0,6,12,6,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0]
10 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39152 <-> [64:ff9b::6006:749]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][18 pkts/5773 bytes <-> 17 pkts/6416 bytes][Goodput ratio: 73/77][17.45 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/6 1233/1326 16556/16588 4251/4407][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 321/377 850/1365 296/411][nDPI Fingerprint: c319a473134b5a21339cf22e7be4e8db][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_0ece2fe8a3fb][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,6,0,0,0,0,0,25,0,0,0,0,12,0,0,0,6,12,6,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,6,0,0,0,0,0,0,0,0]
11 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47118 <-> [2001:4998:14:800::1001]:443 [proto: 91.70/TLS.Yahoo][Stack: TLS.Yahoo][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][16 pkts/2550 bytes <-> 15 pkts/7383 bytes][Goodput ratio: 46/82][0.57 sec][Hostname/SNI: cookiex.ngd.yahoo.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.487 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/48 315/282 83/84][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 159/492 603/1474 154/531][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 7,14,14,0,0,0,0,0,14,0,0,0,0,7,0,0,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,14,0,0,0,0]
12 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:56842 <-> [64:ff9b::c000:4d03]:443 [proto: 91.90/TLS.Tumblr][Stack: TLS.Tumblr][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: SocialNetwork/6][Breed: Fun][12 pkts/2375 bytes <-> 10 pkts/6485 bytes][Goodput ratio: 56/87][0.15 sec][Hostname/SNI: 64.media.tumblr.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.464 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/18 59/70 22/24][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 198/648 603/1486 170/664][nDPI Fingerprint: e7d997f1812c00ea2b3e8849a6f02bf8][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_de4a06bb82e3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,20,10,0,0,0,0,0,0,20,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,30,0,0,0,0]
13 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39164 <-> [64:ff9b::6006:749]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Safe][10 pkts/2724 bytes <-> 9 pkts/2209 bytes][Goodput ratio: 68/65][0.19 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.104 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/23 56/53 21/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 272/245 706/686 267/200][nDPI Fingerprint: c319a473134b5a21339cf22e7be4e8db][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_0ece2fe8a3fb][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,0,0,0,0,37,0,0,0,0,0,0,0,0,12,25,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
13 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39164 <-> [64:ff9b::6006:749]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][10 pkts/2724 bytes <-> 9 pkts/2209 bytes][Goodput ratio: 68/65][0.19 sec][Hostname/SNI: sb.scorecardresearch.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.104 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/23 56/53 21/18][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 272/245 706/686 267/200][nDPI Fingerprint: c319a473134b5a21339cf22e7be4e8db][TCP Fingerprint: 2_64_64800_83b2f9a5576c/Linux][TLSv1.3][JA4: t13d1515h2_8daaf6152771_0ece2fe8a3fb][JA3S: 2253c82f03b621c5144709b393fde2c9][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,0,0,0,0,37,0,0,0,0,0,0,0,0,12,25,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
14 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51874 <-> [64:ff9b::c000:4c03]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Safe][14 pkts/1971 bytes <-> 14 pkts/1808 bytes][Goodput ratio: 39/33][17.08 sec][bytes ratio: 0.043 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1544/33 16623/194 4769/64][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 141/129 243/205 64/49][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,28,0,42,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
15 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57286 <-> [64:ff9b::8fcc:d927]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Safe][5 pkts/1152 bytes <-> 4 pkts/910 bytes][Goodput ratio: 63/62][0.20 sec][bytes ratio: 0.117 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3/0 50/4 113/9 49/4][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 230/228 730/613 250/223][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
16 TCP [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:41266 <-> [2620:116:800d:21:8c6e:cf2c:8d6:9fb5]:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 5][cat: Web/5][Breed: Safe][5 pkts/1186 bytes <-> 4 pkts/790 bytes][Goodput ratio: 64/56][0.21 sec][bytes ratio: 0.200 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 52/8 121/15 49/6][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 237/198 750/486 257/168][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,60,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

7
tests/cfgs/default/result/tunnelbear.pcap.out
View file

@ -30,8 +30,9 @@ FacebookMessenger 18 5263 1
GoogleServices 15 2661 1
TunnelBear 337 86766 16
Safe 58 22847 3
Safe 24 9110 1
Acceptable 375 94996 19
Tracker_Ads 34 13737 2
VPN 337 86766 16
Web 39 11771 2
@ -50,8 +51,8 @@ JA Host Stats:
3 TCP 10.8.0.1:50178 <-> 104.17.154.236:443 [proto: 91.299/TLS.TunnelBear][Stack: TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Acceptable][13 pkts/2849 bytes <-> 12 pkts/7134 bytes][Goodput ratio: 75/91][0.68 sec][Hostname/SNI: api.tunnelbear.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.429 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/74 393/449 118/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 219/594 590/5527 219/1499][nDPI Fingerprint: 30213a84a43d1d86d0cb9ba0220ba64c][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][ServerNames: *.tunnelbear.com,tunnelbear.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA][Subject: CN=*.tunnelbear.com][Certificate SHA-1: 52:96:E2:83:CC:15:4E:B3:0F:5B:1D:E2:E8:FF:4E:A9:C4:E9:C0:AF][Safari][Validity: 2022-06-07 00:00:00 - 2023-07-08 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,27,9,0,0,0,0,0,0,0,9,9,0,0,0,0,27,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9]
4 TCP 10.8.0.1:50904 <-> 104.17.154.236:443 [proto: 91.299/TLS.TunnelBear][Stack: TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Acceptable][10 pkts/2689 bytes <-> 10 pkts/6997 bytes][Goodput ratio: 79/92][0.84 sec][Hostname/SNI: api.tunnelbear.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 105/97 383/336 151/137][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 269/700 590/5527 236/1622][nDPI Fingerprint: 30213a84a43d1d86d0cb9ba0220ba64c][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][ServerNames: *.tunnelbear.com,tunnelbear.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA][Subject: CN=*.tunnelbear.com][Certificate SHA-1: 52:96:E2:83:CC:15:4E:B3:0F:5B:1D:E2:E8:FF:4E:A9:C4:E9:C0:AF][Safari][Validity: 2022-06-07 00:00:00 - 2023-07-08 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,11,11,0,0,0,0,0,0,0,11,0,11,0,0,0,33,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11]
5 TCP 10.8.0.1:47594 <-> 99.83.135.170:443 [proto: 91/TLS][Stack: TLS][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 8][cat: Web/5][Breed: Safe][11 pkts/2035 bytes <-> 13 pkts/7075 bytes][Goodput ratio: 70/90][2.41 sec][Hostname/SNI: capi.grammarly.com][bytes ratio: -0.553 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 146/225 445/907 178/264][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 185/544 590/4080 163/1089][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: afee519375a83ac5599c34de5758a898][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d140700_c866b44c5a26_036209cd1ead][ServerNames: capi.grammarly.com,capi-msdk.grammarly.com][JA3S: 303951d4c50efb2e991652225a6f02b1][Issuer: C=US, O=Amazon, OU=Server CA 1B, CN=Amazon][Subject: CN=capi.grammarly.com][Certificate SHA-1: 1F:4A:0B:A6:60:01:94:7D:3D:94:03:14:5A:30:AF:64:D5:EC:58:DD][Safari][Validity: 2022-03-22 00:00:00 - 2023-04-20 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,8,8,0,0,0,8,8,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,8]
6 TCP 10.8.0.1:48222 <-> 162.247.243.188:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Safe][9 pkts/1985 bytes <-> 8 pkts/4930 bytes][Goodput ratio: 74/91][1.54 sec][Hostname/SNI: mobile-collector.newrelic.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.426 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 212/256 1145/1199 391/431][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 221/616 590/3918 217/1255][nDPI Fingerprint: 2da8b147dca682066db23849a95ca854][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1410h1_c866b44c5a26_f88f2b2eb673][ServerNames: *.newrelic.com,newrelic.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com][Certificate SHA-1: 90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77][Safari][Validity: 2022-02-07 00:00:00 - 2023-03-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,14,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
7 TCP 10.8.0.1:47496 <-> 162.247.243.188:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Safe][9 pkts/1892 bytes <-> 8 pkts/4930 bytes][Goodput ratio: 73/91][0.51 sec][Hostname/SNI: mobile-collector.newrelic.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/76 290/290 100/104][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 210/616 590/3918 211/1255][nDPI Fingerprint: 2da8b147dca682066db23849a95ca854][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1410h1_c866b44c5a26_f88f2b2eb673][ServerNames: *.newrelic.com,newrelic.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com][Certificate SHA-1: 90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77][Safari][Validity: 2022-02-07 00:00:00 - 2023-03-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,14,14,0,0,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
6 TCP 10.8.0.1:48222 <-> 162.247.243.188:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][9 pkts/1985 bytes <-> 8 pkts/4930 bytes][Goodput ratio: 74/91][1.54 sec][Hostname/SNI: mobile-collector.newrelic.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.426 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 212/256 1145/1199 391/431][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 221/616 590/3918 217/1255][nDPI Fingerprint: 2da8b147dca682066db23849a95ca854][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1410h1_c866b44c5a26_f88f2b2eb673][ServerNames: *.newrelic.com,newrelic.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com][Certificate SHA-1: 90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77][Safari][Validity: 2022-02-07 00:00:00 - 2023-03-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,0,14,0,14,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
7 TCP 10.8.0.1:47496 <-> 162.247.243.188:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][9 pkts/1892 bytes <-> 8 pkts/4930 bytes][Goodput ratio: 73/91][0.51 sec][Hostname/SNI: mobile-collector.newrelic.com][(Advertised) ALPNs: http/1.1][(Negotiated) ALPN: http/1.1][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 65/76 290/290 100/104][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 210/616 590/3918 211/1255][nDPI Fingerprint: 2da8b147dca682066db23849a95ca854][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1410h1_c866b44c5a26_f88f2b2eb673][ServerNames: *.newrelic.com,newrelic.com][JA3S: a885fb01204bc11cc58efc02fe640899][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com][Certificate SHA-1: 90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77][Safari][Validity: 2022-02-07 00:00:00 - 2023-03-03 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,14,0,0,0,0,14,14,0,0,14,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
8 TCP 10.8.0.1:45108 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][Stack: TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Acceptable][10 pkts/1309 bytes <-> 7 pkts/4360 bytes][Goodput ratio: 57/91][0.20 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.538 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/39 135/132 44/50][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 131/623 571/3709 151/1265][nDPI Fingerprint: 30213a84a43d1d86d0cb9ba0220ba64c][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][ServerNames: *.polargrizzly.com,polargrizzly.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA][Subject: CN=*.polargrizzly.com][Certificate SHA-1: 1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17][Safari][Validity: 2022-06-15 00:00:00 - 2023-07-15 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,34,0,0,0,0,0,0,0,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16]
9 TCP 10.8.0.1:45114 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][Stack: TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Acceptable][7 pkts/1147 bytes <-> 6 pkts/4309 bytes][Goodput ratio: 65/92][0.25 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.580 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/51 39/61 135/132 53/47][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/718 571/3712 174/1344][nDPI Fingerprint: 30213a84a43d1d86d0cb9ba0220ba64c][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][ServerNames: *.polargrizzly.com,polargrizzly.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA][Subject: CN=*.polargrizzly.com][Certificate SHA-1: 1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17][Safari][Validity: 2022-06-15 00:00:00 - 2023-07-15 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,20,0,20,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20]
10 TCP 10.8.0.1:45106 <-> 104.17.115.40:443 [proto: 91.299/TLS.TunnelBear][Stack: TLS.TunnelBear][IP: 220/Cloudflare][Encrypted][Confidence: DPI][FPC: 220/Cloudflare, Confidence: IP address][DPI packets: 6][cat: VPN/2][Breed: Acceptable][7 pkts/1147 bytes <-> 6 pkts/4308 bytes][Goodput ratio: 65/92][0.26 sec][Hostname/SNI: api.polargrizzly.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.579 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 40/62 133/131 52/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 164/718 571/3711 174/1344][nDPI Fingerprint: 30213a84a43d1d86d0cb9ba0220ba64c][TCP Fingerprint: 2_64_65535_41a9d5af7dd3/Android][TLSv1.2][JA4: t12d1210h2_d34a8e72043a_f88f2b2eb673][ServerNames: *.polargrizzly.com,polargrizzly.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA][Subject: CN=*.polargrizzly.com][Certificate SHA-1: 1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17][Safari][Validity: 2022-06-15 00:00:00 - 2023-07-15 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,20,0,20,0,0,0,0,0,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20]

2
tests/cfgs/default/result/wa_voice.pcap.out
View file

@ -38,10 +38,10 @@ Spotify 2 172 1
ApplePush 24 8007 1
WhatsAppFiles 50 24752 1
Unrated 2 120 1
Safe 8 542 1
Acceptable 722 169382 25
Fun 2 172 1
Unrated 2 120 1
Unspecified 2 120 1
Web 8 542 1

2
tests/cfgs/default/result/waze.pcap.out
View file

@ -32,9 +32,9 @@ TLS 21 2574 3
Waze 484 289335 19
WhatsApp 15 1341 1
Unrated 10 786 1
Safe 21 2574 3
Acceptable 566 355633 29
Unrated 10 786 1
Unspecified 10 786 1
Web 533 293481 29

5
tests/cfgs/default/result/webex.pcap.out
View file

@ -32,7 +32,8 @@ Google 17 6375 1
Webex 790 500686 30
Safe 259 29507 23
Acceptable 851 525599 34
Acceptable 834 519224 33
Tracker_Ads 17 6375 1
Web 281 32689 25
VoIP 812 516042 31
@ -66,7 +67,7 @@ JA Host Stats:
21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][1.40 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 127/190 512/509 170/160][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 265bb6ba064759800a0118d131206482][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][1.32 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 118/180 470/468 157/151][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 265bb6ba064759800a0118d131206482][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][4.59 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 305/639 1712/1786 557/738][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 265bb6ba064759800a0118d131206482][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
24 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Acceptable][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][Goodput ratio: 67/91][3.85 sec][Hostname/SNI: ssl.google-analytics.com][bytes ratio: -0.517 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 389/621 1225/1224 477/511][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 171/604 590/3751 168/1199][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: d1706bbb5bee9ea9e5981bfb64e0a8dd][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA4: t12d200500_6e20beb92e8e_c70a3c84db07][ServerNames: *.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com][Certificate SHA-1: E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D][Firefox][Validity: 2015-09-29 19:00:07 - 2015-12-28 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,14,0,0,14,14,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
24 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][Goodput ratio: 67/91][3.85 sec][Hostname/SNI: ssl.google-analytics.com][bytes ratio: -0.517 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 389/621 1225/1224 477/511][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 171/604 590/3751 168/1199][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: d1706bbb5bee9ea9e5981bfb64e0a8dd][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA4: t12d200500_6e20beb92e8e_c70a3c84db07][ServerNames: *.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com][Certificate SHA-1: E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D][Firefox][Validity: 2015-09-29 19:00:07 - 2015-12-28 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,14,0,0,14,14,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][Breed: Acceptable][9 pkts/895 bytes <-> 8 pkts/4398 bytes][Goodput ratio: 43/90][3.11 sec][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 263/413 1025/1231 416/511][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99/550 380/2581 101/889][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,20]
26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][8 pkts/841 bytes <-> 7 pkts/4376 bytes][Goodput ratio: 46/91][4.09 sec][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/10 301/484 1105/1237 425/496][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105/625 380/3993 106/1375][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][8 pkts/841 bytes <-> 7 pkts/4376 bytes][Goodput ratio: 46/91][4.08 sec][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/7 299/483 1096/1238 423/498][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105/625 380/3993 106/1375][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]

6
tests/cfgs/default/result/youtube_quic.pcap.out
View file

@ -23,12 +23,12 @@ Patricia protocols IPv6: 0/0 (search/found)
YouTube 258 178495 1
Google 31 13144 2
Acceptable 31 13144 2
Fun 258 178495 1
Tracker_Ads 31 13144 2
Media 258 178495 1
Advertisement 31 13144 2
1 UDP 192.168.1.7:56074 <-> 216.58.198.33:443 [proto: 188.124/QUIC.YouTube][Stack: QUIC.YouTube][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][Breed: Fun][113 pkts/16111 bytes <-> 145 pkts/162384 bytes][Goodput ratio: 71/96][3.12 sec][Hostname/SNI: yt3.ggpht.com][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/5 70/69 15/12][Pkt Len c2s/s2c min/avg/max/stddev: 77/73 143/1120 1392/1392 176/437][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][QUIC ver: Q035][Idle Timeout: 30][PLAIN TEXT (yt3.ggpht.com)][Plen Bins: 0,31,1,12,8,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,41,0,0,0,0,0]
2 UDP 192.168.1.7:53859 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][9 pkts/3929 bytes <-> 9 pkts/4736 bytes][Goodput ratio: 90/92][0.44 sec][Hostname/SNI: googleads.g.doubleclick.net][bytes ratio: -0.093 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/5 36/37 114/158 48/52][Pkt Len c2s/s2c min/avg/max/stddev: 80/69 437/526 1392/1392 524/546][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][QUIC ver: Q035][Idle Timeout: 30][PLAIN TEXT (googleads.g.doubleclick.net)][Plen Bins: 16,39,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0]
3 UDP 192.168.1.7:54997 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Acceptable][7 pkts/2312 bytes <-> 6 pkts/2167 bytes][Goodput ratio: 87/88][0.56 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: 0.032 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/8 40/17 89/44 35/17][Pkt Len c2s/s2c min/avg/max/stddev: 80/72 330/361 1392/1392 449/479][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][QUIC ver: Q035][Idle Timeout: 30][PLAIN TEXT (pagead2.googlesyndication.com)][Plen Bins: 23,30,7,0,7,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0]
2 UDP 192.168.1.7:53859 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][9 pkts/3929 bytes <-> 9 pkts/4736 bytes][Goodput ratio: 90/92][0.44 sec][Hostname/SNI: googleads.g.doubleclick.net][bytes ratio: -0.093 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/5 36/37 114/158 48/52][Pkt Len c2s/s2c min/avg/max/stddev: 80/69 437/526 1392/1392 524/546][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][QUIC ver: Q035][Idle Timeout: 30][PLAIN TEXT (googleads.g.doubleclick.net)][Plen Bins: 16,39,0,0,0,0,0,0,0,5,5,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0]
3 UDP 192.168.1.7:54997 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][Stack: QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][Breed: Tracker_Ads][7 pkts/2312 bytes <-> 6 pkts/2167 bytes][Goodput ratio: 87/88][0.56 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: 0.032 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/8 40/17 89/44 35/17][Pkt Len c2s/s2c min/avg/max/stddev: 80/72 330/361 1392/1392 449/479][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][QUIC ver: Q035][Idle Timeout: 30][PLAIN TEXT (pagead2.googlesyndication.com)][Plen Bins: 23,30,7,0,7,0,0,0,0,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,0,0]

2
tests/cfgs/default/result/zug.pcap.out
View file

@ -24,8 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found)
Unknown 1 452 1
ZUG 6 984 6
Acceptable 6 984 6
Unrated 1 452 1
Acceptable 6 984 6
Unspecified 1 452 1
Crypto_Currency 6 984 6

2
tests/cfgs/disable_protocols/result/esp.pcapng.out
View file

@ -25,8 +25,8 @@ Patricia protocols IPv6: 0/0 (search/found)
Unknown 4 1524 1
ESP 2 332 1
Safe 2 332 1
Unrated 4 1524 1
Safe 2 332 1
Unspecified 4 1524 1
VPN 2 332 1

2
tests/cfgs/disable_use_client_port/result/iphone.pcap.out
View file

@ -37,10 +37,10 @@ AppleiCloud 209 126365 5
AppleiTunes 62 23299 2
Spotify 2 172 1
Unrated 2 120 1
Safe 132 53116 8
Acceptable 288 144245 39
Fun 64 23471 3
Unrated 2 120 1
Unspecified 2 120 1
Web 332 178040 12

4
tests/cfgs/dns_sub_enable/result/dns_retransmissions.pcap.out
View file

@ -22,8 +22,8 @@ Patricia protocols IPv6: 0/0 (search/found)
Microsoft 4 450 1
Safe 4 450 1
Acceptable 4 450 1
Network 4 450 1
1 UDP 37.41.101.140:11892 <-> 208.67.222.222:53 [VLAN: 103][proto: 5.212/DNS.Microsoft][Stack: DNS.Microsoft][IP: 225/OpenDNS][ClearText][Confidence: DPI][FPC: 5.212/DNS.Microsoft, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Safe][2 pkts/150 bytes <-> 2 pkts/300 bytes][Goodput ratio: 38/69][0.20 sec][Hostname/SNI: api.msn.com][204.79.197.203][DNS Id: 0xb8e2][PLAIN TEXT (msedge)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 UDP 37.41.101.140:11892 <-> 208.67.222.222:53 [VLAN: 103][proto: 5.212/DNS.Microsoft][Stack: DNS.Microsoft][IP: 225/OpenDNS][ClearText][Confidence: DPI][FPC: 5.212/DNS.Microsoft, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][2 pkts/150 bytes <-> 2 pkts/300 bytes][Goodput ratio: 38/69][0.20 sec][Hostname/SNI: api.msn.com][204.79.197.203][DNS Id: 0xb8e2][PLAIN TEXT (msedge)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

15
tests/cfgs/enable_payload_stat/result/1kxun.pcap.out
View file

@ -46,11 +46,12 @@ MpegDash 1 299 1
Line 28 18656 2
Mikrotik 5 864 5
Safe 126 30113 10
Acceptable 640 515748 128
Fun 933 1975152 48
Dangerous 5 1197 2
Unrated 19 5564 9
Safe 126 30113 10
Acceptable 614 462930 125
Fun 935 1977419 49
Dangerous 5 1197 2
Tracker_Ads 24 50551 2
Unspecified 19 5564 9
Media 13 4318 2
@ -121,10 +122,10 @@ JA Host Stats:
22 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [flowId: 36][proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Goodput ratio: 37/95][0.42 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.892 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/8 194/109 46/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/1208 411/1314 102/329][URL: jp.kankan.1kxun.mobi/api/movies/mp4script/10410?definition=true][StatusCode: 200][Content-Type: text/xml][Server: openresty/1.9.7.1][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/movies/mp4)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,89,0,0,0,0,0,0,0,0]
23 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [flowId: 26][proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Goodput ratio: 45/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.897 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/6 66/65 23/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/1096 415/1314 119/461][URL: pic.1kxun.com/video_kankan/images/videos/13480-alps.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /video)][Plen Bins: 7,3,0,0,0,0,0,0,0,3,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,79,0,0,0,0,0,0,0,0]
24 TCP 192.168.2.126:44368 <-> 172.217.18.98:80 [flowId: 162][proto: 7.239/HTTP.GoogleServices][Stack: HTTP.GoogleServices][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.239/HTTP.GoogleServices, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/489 bytes <-> 16 pkts/29841 bytes][Goodput ratio: 86/96][0.06 sec][Hostname/SNI: www.googletagservices.com][bytes ratio: -0.968 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/22 0/6][Pkt Len c2s/s2c min/avg/max/stddev: 489/491 489/1865 489/2902 0/738][URL: www.googletagservices.com/tag/js/gpt.js][StatusCode: 200][Content-Type: text/javascript][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /tag/js/gpt.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,0,0,29]
25 TCP 192.168.2.126:38354 <-> 142.250.186.34:80 [flowId: 154][proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 9][cat: Advertisement/101][Breed: Acceptable][1 pkts/586 bytes <-> 12 pkts/28355 bytes][Goodput ratio: 89/97][0.08 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/23 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 586/687 586/2363 586/2902 0/788][URL: pagead2.googlesyndication.com/pagead/show_ads.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /pagead/show)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,62]
25 TCP 192.168.2.126:38354 <-> 142.250.186.34:80 [flowId: 154][proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 9][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/586 bytes <-> 12 pkts/28355 bytes][Goodput ratio: 89/97][0.08 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/23 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 586/687 586/2363 586/2902 0/788][URL: pagead2.googlesyndication.com/pagead/show_ads.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /pagead/show)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,62]
26 TCP 192.168.2.126:35664 <-> 18.66.2.90:80 [flowId: 181][proto: 7/HTTP][Stack: HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/249 bytes <-> 9 pkts/27029 bytes][Goodput ratio: 73/98][0.02 sec][Hostname/SNI: cdn.liftoff.io][bytes ratio: -0.982 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 249/797 249/3003 249/4350 0/1362][URL: cdn.liftoff.io/customers/45d4b09eba/image/lambda_jpg_89/398101234e6cf5b3a8d8.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,60]
27 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [flowId: 30][proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Goodput ratio: 52/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.891 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5632/4 45001/65 14880/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/1099 415/1314 134/455][URL: pic.1kxun.com/video_kankan/images/videos/16649-ljdz.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /video)][Plen Bins: 8,0,0,0,0,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,75,0,0,0,0,0,0,0,0]
28 TCP 192.168.2.126:36732 <-> 142.250.186.174:80 [flowId: 155][proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Advertisement/101][Breed: Acceptable][1 pkts/487 bytes <-> 10 pkts/21123 bytes][Goodput ratio: 86/97][0.05 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.955 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/21 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 487/677 487/2112 487/2902 0/822][URL: www.google-analytics.com/analytics.js][StatusCode: 200][Content-Type: text/javascript][Server: Golfe2][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /analytics.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,45]
28 TCP 192.168.2.126:36732 <-> 142.250.186.174:80 [flowId: 155][proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/487 bytes <-> 10 pkts/21123 bytes][Goodput ratio: 86/97][0.05 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.955 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/21 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 487/677 487/2112 487/2902 0/822][URL: www.google-analytics.com/analytics.js][StatusCode: 200][Content-Type: text/javascript][Server: Golfe2][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /analytics.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,45]
29 TCP 192.168.2.126:45388 <-> 161.117.13.29:80 [flowId: 146][proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][2 pkts/1315 bytes <-> 8 pkts/18984 bytes][Goodput ratio: 90/97][4.33 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.870 (Download)][IAT c2s/s2c min/avg/max/stddev: 3965/0 3965/593 3965/3966 0/1379][Pkt Len c2s/s2c min/avg/max/stddev: 509/1287 658/2373 806/8258 148/2234][URL: mangaweb.1kxun.mobi/js/swiper/swiper.min.css][StatusCode: 200][Content-Type: text/css][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/swiper/swiper.min.css H)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,40,0,20]
30 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [flowId: 40][proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 9][cat: Web/5][Breed: Acceptable][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Goodput ratio: 77/90][1.19 sec][Hostname/SNI: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/52 298/178 81/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 236/539 499/1314 193/556][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 42.120.51.152 / Expected on port 80][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (POST /api/proxy)][Plen Bins: 11,0,0,0,0,0,0,22,0,0,0,0,0,33,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0]
31 TCP 192.168.2.126:37100 <-> 52.29.177.177:80 [flowId: 187][proto: 7/HTTP][Stack: HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 4][cat: Web/5][Breed: Acceptable][12 pkts/8973 bytes <-> 4 pkts/687 bytes][Goodput ratio: 91/61][7.04 sec][Hostname/SNI: adx-tk.rayjump.com][bytes ratio: 0.858 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/185 697/1192 4610/2198 1454/1006][Pkt Len c2s/s2c min/avg/max/stddev: 86/169 748/172 1506/180 594/5][StatusCode: 204][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /track)][Plen Bins: 25,0,0,25,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
@ -161,7 +162,7 @@ JA Host Stats:
62 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [flowId: 24][proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Goodput ratio: 60/75][45.21 sec][Hostname/SNI: kankan.1kxun.com][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 5643/40 44798/70 14800/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/245 474/788 167/314][URL: kankan.1kxun.com/api/videos/alsolikes/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.3.2][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/videos/alsolikes/10410)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
63 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [flowId: 45][proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Goodput ratio: 60/73][0.23 sec][Hostname/SNI: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/42 74/83 34/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 143/217 486/687 172/271][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 302][Server: httpserver][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 183.131.48.145 / Empty or missing User-Agent][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
64 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [flowId: 2][proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][13 pkts/2275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][59.19 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 5110/0 15056/0 4451/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
65 TCP 192.168.2.126:45424 <-> 161.117.13.29:80 [flowId: 151][proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Acceptable][1 pkts/480 bytes <-> 1 pkts/1787 bytes][Goodput ratio: 86/96][0.19 sec][Hostname/SNI: tcad.wedolook.com][URL: tcad.wedolook.com/js/websdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/websdk.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
65 TCP 192.168.2.126:45424 <-> 161.117.13.29:80 [flowId: 151][proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][1 pkts/480 bytes <-> 1 pkts/1787 bytes][Goodput ratio: 86/96][0.19 sec][Hostname/SNI: tcad.wedolook.com][URL: tcad.wedolook.com/js/websdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/websdk.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
66 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [flowId: 20][proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 4198/0 14952/0 3585/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
67 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [flowId: 50][proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4680/0 19869/0 5063/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
68 TCP 192.168.2.126:50148 <-> 161.117.13.29:80 [flowId: 164][proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][1 pkts/1180 bytes <-> 1 pkts/832 bytes][Goodput ratio: 94/92][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/like_1.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]

15
tests/cfgs/fpc/result/1kxun.pcap.out
View file

@ -51,11 +51,12 @@ MpegDash 1 299 1 1 299 1
Line 28 18656 2 51 26090 3 (*)
Mikrotik 5 864 5 5 864 5
Safe 126 30113 10
Acceptable 640 515748 128
Fun 933 1975152 48
Dangerous 5 1197 2
Unrated 19 5564 9
Safe 126 30113 10
Acceptable 614 462930 125
Fun 935 1977419 49
Dangerous 5 1197 2
Tracker_Ads 24 50551 2
Unspecified 19 5564 9
Media 13 4318 2
@ -97,10 +98,10 @@ JA Host Stats:
22 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Goodput ratio: 37/95][0.42 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.892 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/8 194/109 46/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/1208 411/1314 102/329][URL: jp.kankan.1kxun.mobi/api/movies/mp4script/10410?definition=true][StatusCode: 200][Content-Type: text/xml][Server: openresty/1.9.7.1][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/movies/mp4)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,89,0,0,0,0,0,0,0,0]
23 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Goodput ratio: 45/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.897 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/6 66/65 23/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/1096 415/1314 119/461][URL: pic.1kxun.com/video_kankan/images/videos/13480-alps.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /video)][Plen Bins: 7,3,0,0,0,0,0,0,0,3,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,79,0,0,0,0,0,0,0,0]
24 TCP 192.168.2.126:44368 <-> 172.217.18.98:80 [proto: 7.239/HTTP.GoogleServices][Stack: HTTP.GoogleServices][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.239/HTTP.GoogleServices, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/489 bytes <-> 16 pkts/29841 bytes][Goodput ratio: 86/96][0.06 sec][Hostname/SNI: www.googletagservices.com][bytes ratio: -0.968 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/22 0/6][Pkt Len c2s/s2c min/avg/max/stddev: 489/491 489/1865 489/2902 0/738][URL: www.googletagservices.com/tag/js/gpt.js][StatusCode: 200][Content-Type: text/javascript][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /tag/js/gpt.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,0,0,29]
25 TCP 192.168.2.126:38354 <-> 142.250.186.34:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 9][cat: Advertisement/101][Breed: Acceptable][1 pkts/586 bytes <-> 12 pkts/28355 bytes][Goodput ratio: 89/97][0.08 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/23 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 586/687 586/2363 586/2902 0/788][URL: pagead2.googlesyndication.com/pagead/show_ads.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /pagead/show)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,62]
25 TCP 192.168.2.126:38354 <-> 142.250.186.34:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 9][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/586 bytes <-> 12 pkts/28355 bytes][Goodput ratio: 89/97][0.08 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/23 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 586/687 586/2363 586/2902 0/788][URL: pagead2.googlesyndication.com/pagead/show_ads.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /pagead/show)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,62]
26 TCP 192.168.2.126:35664 <-> 18.66.2.90:80 [proto: 7/HTTP][Stack: HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/249 bytes <-> 9 pkts/27029 bytes][Goodput ratio: 73/98][0.02 sec][Hostname/SNI: cdn.liftoff.io][bytes ratio: -0.982 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 249/797 249/3003 249/4350 0/1362][URL: cdn.liftoff.io/customers/45d4b09eba/image/lambda_jpg_89/398101234e6cf5b3a8d8.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,60]
27 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Goodput ratio: 52/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.891 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5632/4 45001/65 14880/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/1099 415/1314 134/455][URL: pic.1kxun.com/video_kankan/images/videos/16649-ljdz.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /video)][Plen Bins: 8,0,0,0,0,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,75,0,0,0,0,0,0,0,0]
28 TCP 192.168.2.126:36732 <-> 142.250.186.174:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Advertisement/101][Breed: Acceptable][1 pkts/487 bytes <-> 10 pkts/21123 bytes][Goodput ratio: 86/97][0.05 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.955 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/21 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 487/677 487/2112 487/2902 0/822][URL: www.google-analytics.com/analytics.js][StatusCode: 200][Content-Type: text/javascript][Server: Golfe2][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /analytics.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,45]
28 TCP 192.168.2.126:36732 <-> 142.250.186.174:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/487 bytes <-> 10 pkts/21123 bytes][Goodput ratio: 86/97][0.05 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.955 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/21 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 487/677 487/2112 487/2902 0/822][URL: www.google-analytics.com/analytics.js][StatusCode: 200][Content-Type: text/javascript][Server: Golfe2][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /analytics.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,45]
29 TCP 192.168.2.126:45388 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][2 pkts/1315 bytes <-> 8 pkts/18984 bytes][Goodput ratio: 90/97][4.33 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.870 (Download)][IAT c2s/s2c min/avg/max/stddev: 3965/0 3965/593 3965/3966 0/1379][Pkt Len c2s/s2c min/avg/max/stddev: 509/1287 658/2373 806/8258 148/2234][URL: mangaweb.1kxun.mobi/js/swiper/swiper.min.css][StatusCode: 200][Content-Type: text/css][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/swiper/swiper.min.css H)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,40,0,20]
30 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 9][cat: Web/5][Breed: Acceptable][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Goodput ratio: 77/90][1.19 sec][Hostname/SNI: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/52 298/178 81/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 236/539 499/1314 193/556][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 42.120.51.152 / Expected on port 80][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (POST /api/proxy)][Plen Bins: 11,0,0,0,0,0,0,22,0,0,0,0,0,33,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0]
31 TCP 192.168.2.126:37100 <-> 52.29.177.177:80 [proto: 7/HTTP][Stack: HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 4][cat: Web/5][Breed: Acceptable][12 pkts/8973 bytes <-> 4 pkts/687 bytes][Goodput ratio: 91/61][7.04 sec][Hostname/SNI: adx-tk.rayjump.com][bytes ratio: 0.858 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/185 697/1192 4610/2198 1454/1006][Pkt Len c2s/s2c min/avg/max/stddev: 86/169 748/172 1506/180 594/5][StatusCode: 204][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /track)][Plen Bins: 25,0,0,25,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
@ -137,7 +138,7 @@ JA Host Stats:
62 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Goodput ratio: 60/75][45.21 sec][Hostname/SNI: kankan.1kxun.com][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 5643/40 44798/70 14800/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/245 474/788 167/314][URL: kankan.1kxun.com/api/videos/alsolikes/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.3.2][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/videos/alsolikes/10410)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
63 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Goodput ratio: 60/73][0.23 sec][Hostname/SNI: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/42 74/83 34/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 143/217 486/687 172/271][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 302][Server: httpserver][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 183.131.48.145 / Empty or missing User-Agent][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
64 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][13 pkts/2275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][59.19 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 5110/0 15056/0 4451/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
65 TCP 192.168.2.126:45424 <-> 161.117.13.29:80 [proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Acceptable][1 pkts/480 bytes <-> 1 pkts/1787 bytes][Goodput ratio: 86/96][0.19 sec][Hostname/SNI: tcad.wedolook.com][URL: tcad.wedolook.com/js/websdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/websdk.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
65 TCP 192.168.2.126:45424 <-> 161.117.13.29:80 [proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][1 pkts/480 bytes <-> 1 pkts/1787 bytes][Goodput ratio: 86/96][0.19 sec][Hostname/SNI: tcad.wedolook.com][URL: tcad.wedolook.com/js/websdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/websdk.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
66 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 4198/0 14952/0 3585/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
67 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4680/0 19869/0 5063/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
68 TCP 192.168.2.126:50148 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][1 pkts/1180 bytes <-> 1 pkts/832 bytes][Goodput ratio: 94/92][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/like_1.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]

44
tests/cfgs/fpc_disabled/result/teams.pcap.out
View file

@ -40,10 +40,10 @@ Spotify 1 82 1
Microsoft365 531 334618 13
Teams 722 277403 23
Safe 782 298577 28
Acceptable 711 377880 53
Fun 1 82 1
Unrated 4 456 1
Safe 163 64819 9
Acceptable 1330 611638 72
Fun 1 82 1
Unspecified 4 456 1
Web 23 11660 3
@ -60,43 +60,43 @@ JA Host Stats:
1 TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Collaborative/15][Breed: Acceptable][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0]
2 TCP 192.168.1.6:60532 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][49 pkts/58592 bytes <-> 28 pkts/6555 bytes][Goodput ratio: 94/72][0.71 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.799 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/29 177/221 32/57][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1196/234 1494/1506 564/435][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 2,2,2,0,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,81,4,0,0]
3 TCP 192.168.1.6:60554 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Collaborative/15][Breed: Safe][24 pkts/2746 bytes <-> 28 pkts/30546 bytes][Goodput ratio: 52/95][0.23 sec][Hostname/SNI: config.teams.microsoft.com][bytes ratio: -0.835 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 21/140 7/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 114/1091 1136/1506 217/607][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Firefox][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,0,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,7,0,0,0,0,0,65,0,0]
3 TCP 192.168.1.6:60554 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][24 pkts/2746 bytes <-> 28 pkts/30546 bytes][Goodput ratio: 52/95][0.23 sec][Hostname/SNI: config.teams.microsoft.com][bytes ratio: -0.835 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 21/140 7/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 114/1091 1136/1506 217/607][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Firefox][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,0,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,7,0,0,0,0,0,65,0,0]
4 TCP 192.168.1.6:60561 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Collaborative/15][Breed: Acceptable][23 pkts/19184 bytes <-> 14 pkts/5643 bytes][Goodput ratio: 92/83][0.82 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.545 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/44 161/136 43/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 834/403 1494/1506 690/567][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 4,4,4,0,0,0,9,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,60,9,0,0]
5 TCP 192.168.1.6:60535 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 16][cat: Collaborative/15][Breed: Acceptable][21 pkts/16793 bytes <-> 13 pkts/5565 bytes][Goodput ratio: 92/84][0.33 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.502 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/18 48/49 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 800/428 1494/1506 681/581][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,53,10,0,0]
6 TCP 192.168.1.6:60559 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][21 pkts/15525 bytes <-> 12 pkts/5499 bytes][Goodput ratio: 91/85][0.35 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/21 52/51 22/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 739/458 1494/1506 682/595][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,52,11,0,0]
7 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Safe][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][Hostname/SNI: presence.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
7 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][Hostname/SNI: presence.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
8 TCP 192.168.1.6:60549 <-> 13.107.18.11:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 21/Outlook][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Collaborative/15][Breed: Acceptable][28 pkts/7696 bytes <-> 26 pkts/9797 bytes][Goodput ratio: 80/85][1.16 sec][Hostname/SNI: substrate.office.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/23 539/167 115/43][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 275/377 1494/1506 397/471][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com][Certificate SHA-1: AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2][Validity: 2019-07-12 00:00:00 - 2021-07-12 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,22,7,0,7,0,7,0,0,3,3,0,0,0,3,0,7,0,3,0,10,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
9 TCP 192.168.1.6:60548 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][18 pkts/12047 bytes <-> 11 pkts/5433 bytes][Goodput ratio: 90/86][0.32 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/23 51/51 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 669/494 1494/1506 669/609][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 6,6,6,0,0,0,6,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,44,12,0,0]
10 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Collaborative/15][Breed: Safe][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0]
11 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Safe][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0]
10 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0]
11 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0]
12 TCP 192.168.1.6:60537 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][16 pkts/8418 bytes <-> 10 pkts/5367 bytes][Goodput ratio: 87/88][0.27 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/27 46/46 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 526/537 1494/1506 639/623][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,7,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,31,15,0,0]
13 TCP 192.168.1.6:60555 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: Collaborative/15][Breed: Acceptable][18 pkts/5861 bytes <-> 13 pkts/7901 bytes][Goodput ratio: 80/89][2.79 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: -0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 192/269 2443/2490 625/741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/608 1494/1506 448/617][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Firefox][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,11,0,0,5,0,0,0,5,5,0,0,11,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,22,0,0]
14 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 78/STUN][Stack: STUN][IP: 276/Azure][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: Network/14][Breed: Acceptable][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.927 (Compressed Executable?)][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0]
15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 16][cat: Collaborative/15][Breed: Safe][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0]
16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Safe][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0]
17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Collaborative/15][Breed: Safe][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0]
15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 16][cat: Collaborative/15][Breed: Acceptable][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0]
16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0]
17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Collaborative/15][Breed: Acceptable][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0]
18 TCP 192.168.1.6:60556 <-> 40.126.9.7:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][15 pkts/4178 bytes <-> 12 pkts/7795 bytes][Goodput ratio: 76/90][0.43 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/45 105/135 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 279/650 1494/1506 415/671][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0]
19 TCP 192.168.1.6:60560 <-> 40.126.9.67:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Collaborative/15][Breed: Acceptable][14 pkts/4099 bytes <-> 12 pkts/7812 bytes][Goodput ratio: 77/90][0.36 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.312 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/20 107/54 31/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 293/651 1494/1506 427/672][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][ServerNames: login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com][JA3S: 678aeaf909676262acfb913ccb78a126][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=stamp2.login.microsoftonline.com][Certificate SHA-1: 7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63][Safari][Validity: 2018-09-24 21:49:30 - 2020-09-24 21:49:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0]
20 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Safe][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][Hostname/SNI: northeurope.notifications.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
20 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][Hostname/SNI: northeurope.notifications.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
21 TCP 192.168.1.6:60562 <-> 104.40.187.151:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 16][cat: Collaborative/15][Breed: Safe][19 pkts/3484 bytes <-> 13 pkts/8009 bytes][Goodput ratio: 63/89][0.29 sec][Hostname/SNI: api.microsoftstream.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/12 45/45 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/616 1379/1506 297/613][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,22,0,0,0,5,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,22,0,0]
22 TCP 192.168.1.6:60563 <-> 52.169.186.119:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 16][cat: Collaborative/15][Breed: Safe][17 pkts/3244 bytes <-> 12 pkts/8152 bytes][Goodput ratio: 65/90][0.22 sec][Hostname/SNI: euno-1.api.microsoftstream.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/13 69/48 22/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 191/679 1352/1506 306/618][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,18,18,0,0,0,6,6,0,0,0,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,25,0,0]
23 TCP 192.168.1.6:60552 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][14 pkts/5842 bytes <-> 11 pkts/5445 bytes][Goodput ratio: 84/86][0.66 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/71 143/237 42/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 417/495 1494/1506 527/609][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 8,8,8,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,16,16,0,0]
24 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Collaborative/15][Breed: Safe][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][Hostname/SNI: config.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0]
25 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Collaborative/15][Breed: Safe][13 pkts/3676 bytes <-> 10 pkts/6984 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.310 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 13/15 5/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 283/698 1494/1506 438/666][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,15,0,7,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0]
24 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][Hostname/SNI: config.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0]
25 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][13 pkts/3676 bytes <-> 10 pkts/6984 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.310 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 13/15 5/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 283/698 1494/1506 438/666][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,15,0,7,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0]
26 TCP 192.168.1.6:60568 <-> 40.79.138.41:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Safe][12 pkts/2175 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.18 sec][Hostname/SNI: gate.hockeyapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.581 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/22 37/68 16/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/912 599/1506 178/631][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0]
27 TCP 192.168.1.6:60564 <-> 40.79.138.41:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Safe][12 pkts/2159 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.17 sec][Hostname/SNI: gate.hockeyapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.584 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/20 33/42 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 180/912 599/1506 176/631][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0]
28 TCP 192.168.1.6:60551 <-> 52.114.15.45:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: Collaborative/15][Breed: Safe][13 pkts/2426 bytes <-> 11 pkts/7772 bytes][Goodput ratio: 70/92][0.88 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/90 207/235 82/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/707 1393/1506 353/636][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2][Subject: CN=*.trouter.teams.microsoft.com][Certificate SHA-1: DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4][Firefox][Validity: 2019-11-29 17:57:58 - 2021-11-29 17:57:58][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,24,0,7,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,31,0,0]
28 TCP 192.168.1.6:60551 <-> 52.114.15.45:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 11][cat: Collaborative/15][Breed: Acceptable][13 pkts/2426 bytes <-> 11 pkts/7772 bytes][Goodput ratio: 70/92][0.88 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/90 207/235 82/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/707 1393/1506 353/636][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2][Subject: CN=*.trouter.teams.microsoft.com][Certificate SHA-1: DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4][Firefox][Validity: 2019-11-29 17:57:58 - 2021-11-29 17:57:58][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,24,0,7,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,31,0,0]
29 TCP 192.168.1.6:60534 <-> 40.126.9.5:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][15 pkts/2846 bytes <-> 10 pkts/7289 bytes][Goodput ratio: 64/91][0.20 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.438 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/21 41/53 16/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/729 1471/1506 349/665][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 9,9,0,18,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,36,0,0]
30 TCP 162.125.19.131:443 <-> 192.168.1.6:60344 [proto: 91/TLS][Stack: TLS][IP: 121/Dropbox][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Web/5][Breed: Safe][8 pkts/761 bytes <-> 8 pkts/9347 bytes][Goodput ratio: 31/94][0.12 sec][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/1 111/4 41/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/1168 299/1494 77/500][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,63,0,0,0]
31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Safe][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Collaborative/15][Breed: Safe][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 78.38/STUN.TeamsCall][Stack: STUN.TeamsCall][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VoIP/10][Breed: Acceptable][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Mapped IP/Port: 93.71.110.205:16332][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: Collaborative/15][Breed: Safe][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Safe][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Safe][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Safe][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Safe][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 14][cat: Collaborative/15][Breed: Safe][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 13][cat: Collaborative/15][Breed: Acceptable][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 14][cat: Collaborative/15][Breed: Acceptable][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][Stack: TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][Breed: Safe][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][nDPI Fingerprint: c065e46d9db9a0ceb94dd29c4017c325][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][Stack: TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Network/14][Breed: Safe][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][nDPI Fingerprint: c065e46d9db9a0ceb94dd29c4017c325][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.TeamsCall][Stack: STUN.TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 7][cat: VoIP/10][Breed: Acceptable][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][Mapped IP/Port: 93.71.110.205:16333][Peer IP/Port: 18.140.192.228:28678][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

15
tests/cfgs/guess_ip_before_port_enabled/result/1kxun.pcap.out
View file

@ -47,11 +47,12 @@ MpegDash 1 299 1
Line 51 26090 3
Mikrotik 5 864 5
Safe 103 22679 9
Acceptable 663 523182 129
Fun 933 1975152 48
Dangerous 5 1197 2
Unrated 19 5564 9
Safe 103 22679 9
Acceptable 637 470364 126
Fun 935 1977419 49
Dangerous 5 1197 2
Tracker_Ads 24 50551 2
Unspecified 19 5564 9
Media 13 4318 2
@ -93,10 +94,10 @@ JA Host Stats:
22 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Goodput ratio: 37/95][0.42 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.892 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/8 194/109 46/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/1208 411/1314 102/329][URL: jp.kankan.1kxun.mobi/api/movies/mp4script/10410?definition=true][StatusCode: 200][Content-Type: text/xml][Server: openresty/1.9.7.1][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/movies/mp4)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,89,0,0,0,0,0,0,0,0]
23 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Goodput ratio: 45/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.897 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/6 66/65 23/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/1096 415/1314 119/461][URL: pic.1kxun.com/video_kankan/images/videos/13480-alps.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /video)][Plen Bins: 7,3,0,0,0,0,0,0,0,3,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,79,0,0,0,0,0,0,0,0]
24 TCP 192.168.2.126:44368 <-> 172.217.18.98:80 [proto: 7.239/HTTP.GoogleServices][Stack: HTTP.GoogleServices][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.239/HTTP.GoogleServices, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/489 bytes <-> 16 pkts/29841 bytes][Goodput ratio: 86/96][0.06 sec][Hostname/SNI: www.googletagservices.com][bytes ratio: -0.968 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/22 0/6][Pkt Len c2s/s2c min/avg/max/stddev: 489/491 489/1865 489/2902 0/738][URL: www.googletagservices.com/tag/js/gpt.js][StatusCode: 200][Content-Type: text/javascript][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /tag/js/gpt.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,0,0,29]
25 TCP 192.168.2.126:38354 <-> 142.250.186.34:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 9][cat: Advertisement/101][Breed: Acceptable][1 pkts/586 bytes <-> 12 pkts/28355 bytes][Goodput ratio: 89/97][0.08 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/23 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 586/687 586/2363 586/2902 0/788][URL: pagead2.googlesyndication.com/pagead/show_ads.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /pagead/show)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,62]
25 TCP 192.168.2.126:38354 <-> 142.250.186.34:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 9][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/586 bytes <-> 12 pkts/28355 bytes][Goodput ratio: 89/97][0.08 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/23 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 586/687 586/2363 586/2902 0/788][URL: pagead2.googlesyndication.com/pagead/show_ads.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /pagead/show)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,62]
26 TCP 192.168.2.126:35664 <-> 18.66.2.90:80 [proto: 7/HTTP][Stack: HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/249 bytes <-> 9 pkts/27029 bytes][Goodput ratio: 73/98][0.02 sec][Hostname/SNI: cdn.liftoff.io][bytes ratio: -0.982 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 249/797 249/3003 249/4350 0/1362][URL: cdn.liftoff.io/customers/45d4b09eba/image/lambda_jpg_89/398101234e6cf5b3a8d8.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,60]
27 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Goodput ratio: 52/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.891 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5632/4 45001/65 14880/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/1099 415/1314 134/455][URL: pic.1kxun.com/video_kankan/images/videos/16649-ljdz.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /video)][Plen Bins: 8,0,0,0,0,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,75,0,0,0,0,0,0,0,0]
28 TCP 192.168.2.126:36732 <-> 142.250.186.174:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Advertisement/101][Breed: Acceptable][1 pkts/487 bytes <-> 10 pkts/21123 bytes][Goodput ratio: 86/97][0.05 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.955 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/21 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 487/677 487/2112 487/2902 0/822][URL: www.google-analytics.com/analytics.js][StatusCode: 200][Content-Type: text/javascript][Server: Golfe2][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /analytics.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,45]
28 TCP 192.168.2.126:36732 <-> 142.250.186.174:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/487 bytes <-> 10 pkts/21123 bytes][Goodput ratio: 86/97][0.05 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.955 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/21 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 487/677 487/2112 487/2902 0/822][URL: www.google-analytics.com/analytics.js][StatusCode: 200][Content-Type: text/javascript][Server: Golfe2][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /analytics.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,45]
29 TCP 192.168.2.126:45388 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][2 pkts/1315 bytes <-> 8 pkts/18984 bytes][Goodput ratio: 90/97][4.33 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.870 (Download)][IAT c2s/s2c min/avg/max/stddev: 3965/0 3965/593 3965/3966 0/1379][Pkt Len c2s/s2c min/avg/max/stddev: 509/1287 658/2373 806/8258 148/2234][URL: mangaweb.1kxun.mobi/js/swiper/swiper.min.css][StatusCode: 200][Content-Type: text/css][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/swiper/swiper.min.css H)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,40,0,20]
30 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 274/Alibaba, Confidence: IP address][DPI packets: 9][cat: Web/5][Breed: Acceptable][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Goodput ratio: 77/90][1.19 sec][Hostname/SNI: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/52 298/178 81/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 236/539 499/1314 193/556][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 42.120.51.152 / Expected on port 80][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (POST /api/proxy)][Plen Bins: 11,0,0,0,0,0,0,22,0,0,0,0,0,33,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0]
31 TCP 192.168.2.126:37100 <-> 52.29.177.177:80 [proto: 7/HTTP][Stack: HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 4][cat: Web/5][Breed: Acceptable][12 pkts/8973 bytes <-> 4 pkts/687 bytes][Goodput ratio: 91/61][7.04 sec][Hostname/SNI: adx-tk.rayjump.com][bytes ratio: 0.858 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/185 697/1192 4610/2198 1454/1006][Pkt Len c2s/s2c min/avg/max/stddev: 86/169 748/172 1506/180 594/5][StatusCode: 204][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /track)][Plen Bins: 25,0,0,25,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
@ -133,7 +134,7 @@ JA Host Stats:
62 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Goodput ratio: 60/75][45.21 sec][Hostname/SNI: kankan.1kxun.com][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 5643/40 44798/70 14800/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/245 474/788 167/314][URL: kankan.1kxun.com/api/videos/alsolikes/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.3.2][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/videos/alsolikes/10410)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
63 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Goodput ratio: 60/73][0.23 sec][Hostname/SNI: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/42 74/83 34/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 143/217 486/687 172/271][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 302][Server: httpserver][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 183.131.48.145 / Empty or missing User-Agent][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
64 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][13 pkts/2275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][59.19 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 5110/0 15056/0 4451/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
65 TCP 192.168.2.126:45424 <-> 161.117.13.29:80 [proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Acceptable][1 pkts/480 bytes <-> 1 pkts/1787 bytes][Goodput ratio: 86/96][0.19 sec][Hostname/SNI: tcad.wedolook.com][URL: tcad.wedolook.com/js/websdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/websdk.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
65 TCP 192.168.2.126:45424 <-> 161.117.13.29:80 [proto: 7/HTTP][Stack: HTTP][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][1 pkts/480 bytes <-> 1 pkts/1787 bytes][Goodput ratio: 86/96][0.19 sec][Hostname/SNI: tcad.wedolook.com][URL: tcad.wedolook.com/js/websdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/websdk.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
66 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 4198/0 14952/0 3585/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
67 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4680/0 19869/0 5063/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
68 TCP 192.168.2.126:50148 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 274/Alibaba][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][1 pkts/1180 bytes <-> 1 pkts/832 bytes][Goodput ratio: 94/92][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/like_1.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]

7
tests/cfgs/guessing_disable/result/webex.pcap.out
View file

@ -29,9 +29,10 @@ SIP 22 15356 1
Google 17 6375 1
Webex 774 499515 29
Safe 250 28977 20
Acceptable 835 524428 33
Unrated 25 1701 4
Safe 250 28977 20
Acceptable 818 518053 32
Tracker_Ads 17 6375 1
Unspecified 25 1701 4
Web 272 32159 22
@ -66,7 +67,7 @@ JA Host Stats:
21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][1.40 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 127/190 512/509 170/160][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 265bb6ba064759800a0118d131206482][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][1.32 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 118/180 470/468 157/151][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 265bb6ba064759800a0118d131206482][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][Goodput ratio: 66/87][4.59 sec][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 305/639 1712/1786 557/738][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 163/432 590/3961 167/1117][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 265bb6ba064759800a0118d131206482][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i440400_e56d601e95ee_282f11336259][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,25,0,12,0,12,12,0,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12]
24 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Acceptable][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][Goodput ratio: 67/91][3.85 sec][Hostname/SNI: ssl.google-analytics.com][bytes ratio: -0.517 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 389/621 1225/1224 477/511][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 171/604 590/3751 168/1199][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: d1706bbb5bee9ea9e5981bfb64e0a8dd][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA4: t12d200500_6e20beb92e8e_c70a3c84db07][ServerNames: *.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com][Certificate SHA-1: E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D][Firefox][Validity: 2015-09-29 19:00:07 - 2015-12-28 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,14,0,0,14,14,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
24 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/TLS.Google][Stack: TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI][FPC: 126/Google, Confidence: IP address][DPI packets: 6][cat: Advertisement/101][Breed: Tracker_Ads][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][Goodput ratio: 67/91][3.85 sec][Hostname/SNI: ssl.google-analytics.com][bytes ratio: -0.517 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/1 389/621 1225/1224 477/511][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 171/604 590/3751 168/1199][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: d1706bbb5bee9ea9e5981bfb64e0a8dd][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1.2][JA4: t12d200500_6e20beb92e8e_c70a3c84db07][ServerNames: *.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com][JA3S: 389ed42c02ebecc32e73aa31def07e14][Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2][Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com][Certificate SHA-1: E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D][Firefox][Validity: 2015-09-29 19:00:07 - 2015-12-28 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,14,14,0,0,14,14,0,0,0,0,14,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14]
25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 8][cat: VoIP/10][Breed: Acceptable][9 pkts/895 bytes <-> 8 pkts/4398 bytes][Goodput ratio: 43/90][3.11 sec][bytes ratio: -0.662 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 263/413 1025/1231 416/511][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 99/550 380/2581 101/889][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,20]
26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][8 pkts/841 bytes <-> 7 pkts/4376 bytes][Goodput ratio: 46/91][4.09 sec][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/10 301/484 1105/1237 425/496][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105/625 380/3993 106/1375][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/TLS.Webex][Stack: TLS.Webex][IP: 141/Webex][Encrypted][Confidence: DPI][FPC: 141/Webex, Confidence: IP address][DPI packets: 6][cat: VoIP/10][Breed: Acceptable][8 pkts/841 bytes <-> 7 pkts/4376 bytes][Goodput ratio: 46/91][4.08 sec][bytes ratio: -0.678 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/7 299/483 1096/1238 423/498][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 105/625 380/3993 106/1375][Risk: ** Obsolete TLS (v1.1 or older) **** Weak TLS Cipher **][Risk Score: 200][Risk Info: Cipher TLS_RSA_WITH_AES_256_CBC_SHA / TLSv1][nDPI Fingerprint: 243e6139d9b4c6b9b889def424d85b70][TCP Fingerprint: 2_64_14600_8c07a80cc645/Linux][TLSv1][JA4: t10i020200_f2d8273d9564_18d1e47e0978][ServerNames: *.webex.com][JA3S: 91589ea825a2ee41810c85fab06d2ef6][Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4][Subject: C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com][Certificate SHA-1: 61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1][Validity: 2015-04-10 00:00:00 - 2018-04-10 23:59:59][Cipher: TLS_RSA_WITH_AES_256_CBC_SHA][Plen Bins: 0,50,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]

2
tests/cfgs/huge_number_of_custom_protocols/result/synscan.pcap.out
View file

@ -244,12 +244,12 @@ xgrid 2 116 2
xmpp_jabber 4 232 4
YahooMessenger 2 116 2
Unrated 1528 88626 1527
Safe 6 348 6
Acceptable 453 26306 437
Fun 8 464 8
Unsafe 14 812 14
Potentially_Dangerous 2 116 2
Unrated 1528 88626 1527
Unspecified 1883 109230 1875
Media 6 348 6

15
tests/cfgs/ip_lists_disable/result/1kxun.pcap.out
View file

@ -46,11 +46,12 @@ MpegDash 1 299 1
Line 28 18656 2
Mikrotik 5 864 5
Safe 126 30113 10
Acceptable 640 515748 128
Fun 933 1975152 48
Dangerous 5 1197 2
Unrated 19 5564 9
Safe 126 30113 10
Acceptable 614 462930 125
Fun 935 1977419 49
Dangerous 5 1197 2
Tracker_Ads 24 50551 2
Unspecified 19 5564 9
Media 13 4318 2
@ -92,10 +93,10 @@ JA Host Stats:
22 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Goodput ratio: 37/95][0.42 sec][Hostname/SNI: jp.kankan.1kxun.mobi][bytes ratio: -0.892 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/8 194/109 46/24][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 88/1208 411/1314 102/329][URL: jp.kankan.1kxun.mobi/api/movies/mp4script/10410?definition=true][StatusCode: 200][Content-Type: text/xml][Server: openresty/1.9.7.1][Risk: ** HTTP Susp User-Agent **][Risk Score: 100][Risk Info: Empty or missing User-Agent][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/movies/mp4)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,89,0,0,0,0,0,0,0,0]
23 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Goodput ratio: 45/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.897 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/6 66/65 23/18][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 101/1096 415/1314 119/461][URL: pic.1kxun.com/video_kankan/images/videos/13480-alps.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /video)][Plen Bins: 7,3,0,0,0,0,0,0,0,3,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,79,0,0,0,0,0,0,0,0]
24 TCP 192.168.2.126:44368 <-> 172.217.18.98:80 [proto: 7.239/HTTP.GoogleServices][Stack: HTTP.GoogleServices][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.239/HTTP.GoogleServices, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/489 bytes <-> 16 pkts/29841 bytes][Goodput ratio: 86/96][0.06 sec][Hostname/SNI: www.googletagservices.com][bytes ratio: -0.968 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 0/22 0/6][Pkt Len c2s/s2c min/avg/max/stddev: 489/491 489/1865 489/2902 0/738][URL: www.googletagservices.com/tag/js/gpt.js][StatusCode: 200][Content-Type: text/javascript][Server: sffe][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /tag/js/gpt.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,59,0,0,29]
25 TCP 192.168.2.126:38354 <-> 142.250.186.34:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 9][cat: Advertisement/101][Breed: Acceptable][1 pkts/586 bytes <-> 12 pkts/28355 bytes][Goodput ratio: 89/97][0.08 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/23 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 586/687 586/2363 586/2902 0/788][URL: pagead2.googlesyndication.com/pagead/show_ads.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /pagead/show)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,62]
25 TCP 192.168.2.126:38354 <-> 142.250.186.34:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 9][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/586 bytes <-> 12 pkts/28355 bytes][Goodput ratio: 89/97][0.08 sec][Hostname/SNI: pagead2.googlesyndication.com][bytes ratio: -0.960 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/23 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 586/687 586/2363 586/2902 0/788][URL: pagead2.googlesyndication.com/pagead/show_ads.js][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /pagead/show)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0,62]
26 TCP 192.168.2.126:35664 <-> 18.66.2.90:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Web/5][Breed: Acceptable][1 pkts/249 bytes <-> 9 pkts/27029 bytes][Goodput ratio: 73/98][0.02 sec][Hostname/SNI: cdn.liftoff.io][bytes ratio: -0.982 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/1 0/3 0/1][Pkt Len c2s/s2c min/avg/max/stddev: 249/797 249/3003 249/4350 0/1362][URL: cdn.liftoff.io/customers/45d4b09eba/image/lambda_jpg_89/398101234e6cf5b3a8d8.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: AmazonS3][User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)][PLAIN TEXT (GET /customers/45)][Plen Bins: 0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,60]
27 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Goodput ratio: 52/95][45.24 sec][Hostname/SNI: pic.1kxun.com][bytes ratio: -0.891 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 5632/4 45001/65 14880/15][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116/1099 415/1314 134/455][URL: pic.1kxun.com/video_kankan/images/videos/16649-ljdz.jpg][StatusCode: 200][Content-Type: image/jpeg][Server: openresty/1.9.7.1][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /video)][Plen Bins: 8,0,0,0,0,0,0,0,0,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,75,0,0,0,0,0,0,0,0]
28 TCP 192.168.2.126:36732 <-> 142.250.186.174:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Advertisement/101][Breed: Acceptable][1 pkts/487 bytes <-> 10 pkts/21123 bytes][Goodput ratio: 86/97][0.05 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.955 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/21 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 487/677 487/2112 487/2902 0/822][URL: www.google-analytics.com/analytics.js][StatusCode: 200][Content-Type: text/javascript][Server: Golfe2][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /analytics.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,45]
28 TCP 192.168.2.126:36732 <-> 142.250.186.174:80 [proto: 7.126/HTTP.Google][Stack: HTTP.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.126/HTTP.Google, Confidence: DPI][DPI packets: 2][cat: Advertisement/101][Breed: Tracker_Ads][1 pkts/487 bytes <-> 10 pkts/21123 bytes][Goodput ratio: 86/97][0.05 sec][Hostname/SNI: www.google-analytics.com][bytes ratio: -0.955 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/3 0/21 0/7][Pkt Len c2s/s2c min/avg/max/stddev: 487/677 487/2112 487/2902 0/822][URL: www.google-analytics.com/analytics.js][StatusCode: 200][Content-Type: text/javascript][Server: Golfe2][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /analytics.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,36,0,0,45]
29 TCP 192.168.2.126:45388 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][2 pkts/1315 bytes <-> 8 pkts/18984 bytes][Goodput ratio: 90/97][4.33 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.870 (Download)][IAT c2s/s2c min/avg/max/stddev: 3965/0 3965/593 3965/3966 0/1379][Pkt Len c2s/s2c min/avg/max/stddev: 509/1287 658/2373 806/8258 148/2234][URL: mangaweb.1kxun.mobi/js/swiper/swiper.min.css][StatusCode: 200][Content-Type: text/css][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/swiper/swiper.min.css H)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,40,0,20]
30 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Goodput ratio: 77/90][1.19 sec][Hostname/SNI: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/52 298/178 81/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 236/539 499/1314 193/556][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 60][Risk Info: Found host 42.120.51.152 / Expected on port 80][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (POST /api/proxy)][Plen Bins: 11,0,0,0,0,0,0,22,0,0,0,0,0,33,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0]
31 TCP 192.168.2.126:37100 <-> 52.29.177.177:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 4][cat: Web/5][Breed: Acceptable][12 pkts/8973 bytes <-> 4 pkts/687 bytes][Goodput ratio: 91/61][7.04 sec][Hostname/SNI: adx-tk.rayjump.com][bytes ratio: 0.858 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/185 697/1192 4610/2198 1454/1006][Pkt Len c2s/s2c min/avg/max/stddev: 86/169 748/172 1506/180 594/5][StatusCode: 204][Server: nginx][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /track)][Plen Bins: 25,0,0,25,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0]
@ -132,7 +133,7 @@ JA Host Stats:
62 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 295/1kxun, Confidence: DNS][DPI packets: 9][cat: Streaming/17][Breed: Fun][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Goodput ratio: 60/75][45.21 sec][Hostname/SNI: kankan.1kxun.com][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 5643/40 44798/70 14800/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141/245 474/788 167/314][URL: kankan.1kxun.com/api/videos/alsolikes/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899][StatusCode: 200][Content-Type: application/json][Server: openresty/1.9.3.2][User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /api/videos/alsolikes/10410)][Plen Bins: 40,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
63 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: Web/5][Breed: Acceptable][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Goodput ratio: 60/73][0.23 sec][Hostname/SNI: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 28/42 74/83 34/42][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 143/217 486/687 172/271][URL: 183.131.48.145/vlive.qqvideo.tc.qq.com/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE656][StatusCode: 302][Server: httpserver][Risk: ** HTTP Susp User-Agent **** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 110][Risk Info: Found host 183.131.48.145 / Empty or missing User-Agent][TCP Fingerprint: 2_128_8192_bfcc4e683d79/Unknown][PLAIN TEXT (GET /vlive.qq)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,66,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
64 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][13 pkts/2275 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][59.19 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 5110/0 15056/0 4451/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
65 TCP 192.168.2.126:45424 <-> 161.117.13.29:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Acceptable][1 pkts/480 bytes <-> 1 pkts/1787 bytes][Goodput ratio: 86/96][0.19 sec][Hostname/SNI: tcad.wedolook.com][URL: tcad.wedolook.com/js/websdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/websdk.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
65 TCP 192.168.2.126:45424 <-> 161.117.13.29:80 [proto: 7/HTTP][Stack: HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7/HTTP, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][1 pkts/480 bytes <-> 1 pkts/1787 bytes][Goodput ratio: 86/96][0.19 sec][Hostname/SNI: tcad.wedolook.com][URL: tcad.wedolook.com/js/websdk.js][StatusCode: 200][Content-Type: application/javascript][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/websdk.js HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
66 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][45.06 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 4198/0 14952/0 3585/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
67 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][12 pkts/2100 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][49.87 sec][Hostname/SNI: 239.255.255.250][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4680/0 19869/0 5063/0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175/0 175/0 0/0][PLAIN TEXT (SEARCH )][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
68 TCP 192.168.2.126:50148 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][Stack: HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 7.295/HTTP.1kxun, Confidence: DPI][DPI packets: 2][cat: Streaming/17][Breed: Fun][1 pkts/1180 bytes <-> 1 pkts/832 bytes][Goodput ratio: 94/92][0.18 sec][Hostname/SNI: mangaweb.1kxun.mobi][URL: mangaweb.1kxun.mobi/images/readpage_revision/like_1.png][StatusCode: 200][Content-Type: image/png][Server: openresty/1.13.6.1][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /images/readpage)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0]

5
tests/cfgs/monitoring/result/stun.pcap.out
View file

@ -29,8 +29,7 @@ ICMP 1 122 1
FacebookVoip 75 10554 1
GoogleCall 41 7228 2
Safe 4 766 1
Acceptable 197 28062 8
Acceptable 201 28828 9
VoIP 131 19906 4
Network 70 8922 5
@ -47,6 +46,6 @@ JA Host Stats:
4 TCP 87.47.100.17:3478 <-> 54.1.57.155:37257 [proto: 78/STUN][Stack: STUN][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 20][cat: Network/14][Breed: Acceptable][9 pkts/1494 bytes <-> 11 pkts/2178 bytes][Goodput ratio: 60/67][0.95 sec][Hostname/SNI: apps-host.com][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 104/96 267/252 102/93][Pkt Len c2s/s2c min/avg/max/stddev: 74/94 166/198 234/354 41/65][Mapped IP/Port: 5.37.217.126:37257][Peer IP/Port: 192.168.8.153:60001, 127.0.0.1:38763, 66.55.92.16:64920, 66.55.92.16:58225, 5.162.130.14:16947][Relayed IP/Port: 66.55.92.16:40576][PLAIN TEXT (Unauthorized)][Plen Bins: 10,0,15,21,42,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 TCP 10.77.110.51:41588 <-> 10.206.50.239:42000 [VLAN: 1611][proto: 78.38/STUN.TeamsCall][Stack: STUN.TeamsCall][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 15][cat: VoIP/10][Breed: Acceptable][7 pkts/1006 bytes <-> 8 pkts/1118 bytes][Goodput ratio: 58/57][1.05 sec][bytes ratio: -0.053 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 189/134 369/399 144/153][Pkt Len c2s/s2c min/avg/max/stddev: 70/64 144/140 164/172 31/43][Mapped IP/Port: 10.77.110.51:41588, 10.206.50.239:42000][TCP Fingerprint: 2_128_8192_5e2eda046ca7/Unknown][Plen Bins: 0,0,25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 192.168.12.169:43016 <-> 74.125.247.128:3478 [proto: 78.404/STUN.GoogleCall][Stack: STUN.GoogleCall][IP: 126/Google][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 8][cat: VoIP/10][Breed: Acceptable][4 pkts/528 bytes <-> 4 pkts/408 bytes][Goodput ratio: 68/59][1.25 sec][Hostname/SNI: turn.l.google.com][bytes ratio: 0.128 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 9/23 342/409 974/1177 447/543][Pkt Len c2s/s2c min/avg/max/stddev: 62/74 132/102 198/122 61/19][Mapped IP/Port: 93.47.225.225:23616][Relayed IP/Port: 10.2.0.86:44908][PLAIN TEXT (BSnLfRxS6)][Plen Bins: 12,37,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 192.168.43.169:48854 <-> 134.224.90.111:8801 [proto: 30/DTLS][Stack: STUN.DTLS][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Safe][3 pkts/660 bytes <-> 1 pkts/106 bytes][Goodput ratio: 81/60][0.12 sec][(Advertised) ALPNs: webrtc;c-webrtc][Mapped IP/Port: 93.33.105.111:8466][DTLSv1.2][JA4: dd2i0808wc_c6c2b6ec87e0_06b1ae923e2a][Firefox][PLAIN TEXT (DCBD09778680)][Plen Bins: 0,0,25,0,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 192.168.43.169:48854 <-> 134.224.90.111:8801 [proto: 30/DTLS][Stack: STUN.DTLS][IP: 189/Zoom][Encrypted][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 4][cat: Network/14][Breed: Acceptable][3 pkts/660 bytes <-> 1 pkts/106 bytes][Goodput ratio: 81/60][0.12 sec][(Advertised) ALPNs: webrtc;c-webrtc][Mapped IP/Port: 93.33.105.111:8466][DTLSv1.2][JA4: dd2i0808wc_c6c2b6ec87e0_06b1ae923e2a][Firefox][PLAIN TEXT (DCBD09778680)][Plen Bins: 0,0,25,0,25,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 UDP [2600:1900:4160:5999:0:19::]:3478 -> [2001:b07:a3d:c112:48a1:1094:1227:281e]:48094 [proto: 78/STUN][Stack: STUN][IP: 284/GoogleCloud][ClearText][Confidence: DPI][FPC: 78/STUN, Confidence: DPI][DPI packets: 3][cat: Network/14][Breed: Acceptable][3 pkts/414 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][5.22 sec][Mapped IP/Port: [2001:b07:a3d:c112:48a1:1094:1227:281e]:48094][Rsp Origin IP/Port: [2600:1900:4160:5999:0:19::]:3478][Other IP/Port: [2600:1900:4160:5999:0:19::]:80][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (KdfbdZ2)][Plen Bins: 0,66,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 ICMP 192.168.12.169:0 -> 74.125.247.128:0 [proto: 81/ICMP][Stack: ICMP][IP: 126/Google][ClearText][Confidence: DPI][FPC: 81/ICMP, Confidence: DPI][DPI packets: 1][cat: Network/14][Breed: Acceptable][1 pkts/122 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][< 1 sec][Risk: ** Susp Entropy **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Entropy: 5.280 (Executable?)][PLAIN TEXT (62NfUD5)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

44
tests/cfgs/monitoring/result/teams.pcap.out
View file

@ -40,10 +40,10 @@ Spotify 1 82 1
Microsoft365 531 334618 13
Teams 722 277403 23
Safe 782 298577 28
Acceptable 711 377880 53
Fun 1 82 1
Unrated 4 456 1
Safe 163 64819 9
Acceptable 1330 611638 72
Fun 1 82 1
Unspecified 4 456 1
Web 23 11660 3
@ -60,43 +60,43 @@ JA Host Stats:
1 TCP 192.168.1.6:60543 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 9][cat: Collaborative/15][Breed: Acceptable][67 pkts/86089 bytes <-> 40 pkts/7347 bytes][Goodput ratio: 95/64][0.72 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.843 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/16 152/86 28/26][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1285/184 1494/1506 497/372][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,89,3,0,0]
2 TCP 192.168.1.6:60532 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][49 pkts/58592 bytes <-> 28 pkts/6555 bytes][Goodput ratio: 94/72][0.71 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.799 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/29 177/221 32/57][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 1196/234 1494/1506 564/435][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 2,2,2,0,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,81,4,0,0]
3 TCP 192.168.1.6:60554 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Safe][24 pkts/2746 bytes <-> 28 pkts/30546 bytes][Goodput ratio: 52/95][0.23 sec][Hostname/SNI: config.teams.microsoft.com][bytes ratio: -0.835 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 21/140 7/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 114/1091 1136/1506 217/607][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Firefox][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,0,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,7,0,0,0,0,0,65,0,0]
3 TCP 192.168.1.6:60554 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][24 pkts/2746 bytes <-> 28 pkts/30546 bytes][Goodput ratio: 52/95][0.23 sec][Hostname/SNI: config.teams.microsoft.com][bytes ratio: -0.835 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/9 21/140 7/29][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 114/1091 1136/1506 217/607][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Firefox][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,0,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,7,0,0,0,0,0,65,0,0]
4 TCP 192.168.1.6:60561 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][Breed: Acceptable][23 pkts/19184 bytes <-> 14 pkts/5643 bytes][Goodput ratio: 92/83][0.82 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.545 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/44 161/136 43/48][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 834/403 1494/1506 690/567][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 4,4,4,0,0,0,9,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,60,9,0,0]
5 TCP 192.168.1.6:60535 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 16][cat: Collaborative/15][Breed: Acceptable][21 pkts/16793 bytes <-> 13 pkts/5565 bytes][Goodput ratio: 92/84][0.33 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.502 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 9/18 48/49 17/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 800/428 1494/1506 681/581][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,53,10,0,0]
6 TCP 192.168.1.6:60559 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][21 pkts/15525 bytes <-> 12 pkts/5499 bytes][Goodput ratio: 91/85][0.35 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.477 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/21 52/51 22/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 739/458 1494/1506 682/595][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][Safari][Plen Bins: 5,5,5,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,5,0,0,52,11,0,0]
7 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][Hostname/SNI: presence.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
7 TCP 192.168.1.6:60545 <-> 52.114.77.58:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][49 pkts/7568 bytes <-> 34 pkts/11426 bytes][Goodput ratio: 65/83][9.23 sec][Hostname/SNI: presence.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.203 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 226/294 4927/4971 803/983][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 154/336 1494/1506 217/458][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,17,10,8,6,4,0,6,2,0,0,2,6,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]
8 TCP 192.168.1.6:60549 <-> 13.107.18.11:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 21/Outlook][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][Breed: Acceptable][28 pkts/7696 bytes <-> 26 pkts/9797 bytes][Goodput ratio: 80/85][1.16 sec][Hostname/SNI: substrate.office.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.120 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 47/23 539/167 115/43][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 275/377 1494/1506 397/471][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com][JA3S: a66ea560599a2f5c89eec8c3a0d69cee][Issuer: C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1][Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com][Certificate SHA-1: AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2][Validity: 2019-07-12 00:00:00 - 2021-07-12 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,22,7,0,7,0,7,0,0,3,3,0,0,0,3,0,7,0,3,0,10,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
9 TCP 192.168.1.6:60548 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][18 pkts/12047 bytes <-> 11 pkts/5433 bytes][Goodput ratio: 90/86][0.32 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.378 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/23 51/51 21/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 669/494 1494/1506 669/609][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 6,6,6,0,0,0,6,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,44,12,0,0]
10 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 12][cat: Collaborative/15][Breed: Safe][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0]
11 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0]
10 TCP 192.168.1.6:60533 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][20 pkts/1861 bytes <-> 20 pkts/12980 bytes][Goodput ratio: 41/91][0.10 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/4 29/29 8/8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 93/649 312/1506 76/603][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,15,10,0,5,0,10,0,5,0,5,0,0,0,0,0,5,0,0,10,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,30,0,0]
11 TCP 192.168.1.6:60540 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][14 pkts/5711 bytes <-> 10 pkts/8093 bytes][Goodput ratio: 83/92][0.13 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/9 32/32 13/14][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 408/809 1494/1506 517/688][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][Plen Bins: 0,7,0,7,0,0,0,15,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,15,31,0,0]
12 TCP 192.168.1.6:60537 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][16 pkts/8418 bytes <-> 10 pkts/5367 bytes][Goodput ratio: 87/88][0.27 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.221 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/27 46/46 20/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 526/537 1494/1506 639/623][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,7,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,7,0,0,31,15,0,0]
13 TCP 192.168.1.6:60555 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 11][cat: Collaborative/15][Breed: Acceptable][18 pkts/5861 bytes <-> 13 pkts/7901 bytes][Goodput ratio: 80/89][2.79 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: -0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 192/269 2443/2490 625/741][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 326/608 1494/1506 448/617][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Firefox][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,11,0,0,5,0,0,0,5,5,0,0,11,0,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,22,0,0]
14 UDP 192.168.1.6:51681 <-> 52.114.77.136:3478 [proto: 78/STUN][Stack: STUN][IP: 276/Azure][ClearText][Confidence: Match by port][FPC: 250/Teams, Confidence: DNS][DPI packets: 7][cat: Network/14][Breed: Acceptable][14 pkts/5838 bytes <-> 17 pkts/7907 bytes][Goodput ratio: 90/91][4.57 sec][bytes ratio: -0.151 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 347/256 2336/2336 693/595][Pkt Len c2s/s2c min/avg/max/stddev: 79/79 417/465 1243/1227 434/401][Risk: ** Susp Entropy **][Risk Score: 10][Risk Info: Entropy: 6.927 (Compressed Executable?)][PLAIN TEXT (TBHSWF)][Plen Bins: 0,36,0,0,0,12,6,0,3,6,0,0,0,3,0,0,0,0,0,0,0,0,0,6,6,0,0,0,0,0,3,0,3,3,0,0,0,9,0,0,0,0,0,0,0,0,0,0]
15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: DNS][DPI packets: 16][cat: Collaborative/15][Breed: Safe][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0]
16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0]
17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][Breed: Safe][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0]
15 TCP 192.168.1.6:60547 <-> 52.114.88.59:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: DNS][DPI packets: 16][cat: Collaborative/15][Breed: Acceptable][20 pkts/3926 bytes <-> 15 pkts/8828 bytes][Goodput ratio: 66/89][0.32 sec][Hostname/SNI: chatsvcagg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.384 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/25 91/80 23/31][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 196/589 1494/1506 320/612][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,5,0,5,10,5,0,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,5,21,0,0]
16 TCP 192.168.1.6:60565 <-> 52.114.108.8:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][19 pkts/3306 bytes <-> 14 pkts/9053 bytes][Goodput ratio: 61/90][0.43 sec][Hostname/SNI: emea.ng.msg.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.465 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 27/12 276/54 68/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 174/647 1060/1506 238/633][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,16,5,0,0,5,0,0,0,0,0,0,5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,5,0,0,0,0,22,0,0]
17 TCP 192.168.1.6:60541 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 10][cat: Collaborative/15][Breed: Acceptable][13 pkts/4051 bytes <-> 9 pkts/7973 bytes][Goodput ratio: 79/92][0.14 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.326 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 10/11 31/36 14/16][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 312/886 1494/1506 422/676][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: *.asm.skype.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=*.asm.skype.com][Certificate SHA-1: B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48][Validity: 2019-05-07 12:50:03 - 2021-05-07 12:50:03][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,8,0,8,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,8,34,0,0]
18 TCP 192.168.1.6:60556 <-> 40.126.9.7:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: IP address][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][15 pkts/4178 bytes <-> 12 pkts/7795 bytes][Goodput ratio: 76/90][0.43 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.302 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/45 105/135 29/49][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 279/650 1494/1506 415/671][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0]
19 TCP 192.168.1.6:60560 <-> 40.126.9.67:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: IP address][DPI packets: 9][cat: Collaborative/15][Breed: Acceptable][14 pkts/4099 bytes <-> 12 pkts/7812 bytes][Goodput ratio: 77/90][0.36 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.312 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/20 107/54 31/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 293/651 1494/1506 427/672][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][ServerNames: login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com][JA3S: 678aeaf909676262acfb913ccb78a126][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=stamp2.login.microsoftonline.com][Certificate SHA-1: 7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63][Safari][Validity: 2018-09-24 21:49:30 - 2020-09-24 21:49:30][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,7,0,15,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,7,0,0,0,0,0,0,0,0,0,7,31,0,0]
20 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][Hostname/SNI: northeurope.notifications.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
20 TCP 192.168.1.6:60544 <-> 52.114.76.48:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][21 pkts/3510 bytes <-> 17 pkts/8350 bytes][Goodput ratio: 67/89][9.73 sec][Hostname/SNI: northeurope.notifications.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.408 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/743 403/8978 94/2380][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 167/491 1114/1506 247/578][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,21,10,0,5,0,0,10,5,0,0,15,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
21 TCP 192.168.1.6:60562 <-> 104.40.187.151:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 276/Azure, Confidence: IP address][DPI packets: 16][cat: Collaborative/15][Breed: Safe][19 pkts/3484 bytes <-> 13 pkts/8009 bytes][Goodput ratio: 63/89][0.29 sec][Hostname/SNI: api.microsoftstream.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.394 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/12 45/45 15/17][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 183/616 1379/1506 297/613][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,22,22,0,0,0,5,5,0,0,0,5,0,0,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,22,0,0]
22 TCP 192.168.1.6:60563 <-> 52.169.186.119:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 276/Azure, Confidence: IP address][DPI packets: 16][cat: Collaborative/15][Breed: Safe][17 pkts/3244 bytes <-> 12 pkts/8152 bytes][Goodput ratio: 65/90][0.22 sec][Hostname/SNI: euno-1.api.microsoftstream.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.431 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/13 69/48 22/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 191/679 1352/1506 306/618][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,18,18,0,0,0,6,6,0,0,0,6,0,0,0,6,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,25,0,0]
23 TCP 192.168.1.6:60552 <-> 52.114.77.33:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: DNS][DPI packets: 8][cat: Collaborative/15][Breed: Acceptable][14 pkts/5842 bytes <-> 11 pkts/5445 bytes][Goodput ratio: 84/86][0.66 sec][Hostname/SNI: mobile.pipe.aria.microsoft.com][bytes ratio: 0.035 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/71 143/237 42/77][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 417/495 1494/1506 527/609][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: e4a222b805f064f6f0c11bf981be40b4][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d150700_0707305c9f76_0f3b2bcde21d][ServerNames: *.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com][JA3S: ae4edc6faf64d08308082ad26be60767][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=*.events.data.microsoft.com][Certificate SHA-1: 33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB][Safari][Validity: 2019-10-10 21:55:38 - 2021-10-10 21:55:38][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 8,8,8,0,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,16,16,0,0]
24 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Safe][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][Hostname/SNI: config.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0]
25 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 12][cat: Collaborative/15][Breed: Safe][13 pkts/3676 bytes <-> 10 pkts/6984 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.310 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 13/15 5/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 283/698 1494/1506 438/666][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,15,0,7,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0]
24 TCP 192.168.1.6:60542 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][18 pkts/2750 bytes <-> 19 pkts/8360 bytes][Goodput ratio: 64/87][2.95 sec][Hostname/SNI: config.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.505 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 197/61 1998/468 513/122][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 153/440 575/1506 158/563][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][ServerNames: *.config.teams.microsoft.com,config.teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1][Subject: CN=config.teams.microsoft.com][Certificate SHA-1: B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA][Validity: 2019-12-11 02:04:20 - 2021-12-11 02:04:20][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,11,11,0,11,0,11,0,0,11,5,0,5,5,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0]
25 TCP 192.168.1.6:60536 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: IP address][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][13 pkts/3676 bytes <-> 10 pkts/6984 bytes][Goodput ratio: 80/92][0.04 sec][Hostname/SNI: teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][bytes ratio: -0.310 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/4 13/15 5/6][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 283/698 1494/1506 438/666][nDPI Fingerprint: 5fb4c79ca06d0d1a2c439b047f560ede][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1312h2_8b80da21ef18_b00751acaffa][ServerNames: teams.microsoft.com][JA3S: 0f14538e1c9070becdad7739c67d6363][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,7,15,0,7,0,15,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,39,0,0]
26 TCP 192.168.1.6:60568 <-> 40.79.138.41:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][12 pkts/2175 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.18 sec][Hostname/SNI: gate.hockeyapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.581 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/22 37/68 16/23][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 181/912 599/1506 178/631][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0]
27 TCP 192.168.1.6:60564 <-> 40.79.138.41:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI (partial)][FPC: 212/Microsoft, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][12 pkts/2159 bytes <-> 9 pkts/8211 bytes][Goodput ratio: 62/93][0.17 sec][Hostname/SNI: gate.hockeyapp.net][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.584 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 12/20 33/42 14/18][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 180/912 599/1506 176/631][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 0,0,0,9,0,9,0,9,0,0,0,0,9,0,0,0,9,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,36,0,0]
28 TCP 192.168.1.6:60551 <-> 52.114.15.45:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 11][cat: Collaborative/15][Breed: Safe][13 pkts/2426 bytes <-> 11 pkts/7772 bytes][Goodput ratio: 70/92][0.88 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/90 207/235 82/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/707 1393/1506 353/636][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2][Subject: CN=*.trouter.teams.microsoft.com][Certificate SHA-1: DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4][Firefox][Validity: 2019-11-29 17:57:58 - 2021-11-29 17:57:58][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,24,0,7,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,31,0,0]
28 TCP 192.168.1.6:60551 <-> 52.114.15.45:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 11][cat: Collaborative/15][Breed: Acceptable][13 pkts/2426 bytes <-> 11 pkts/7772 bytes][Goodput ratio: 70/92][0.88 sec][Hostname/SNI: trouter2-asse-a.trouter.teams.microsoft.com][bytes ratio: -0.524 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/90 207/235 82/92][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 187/707 1393/1506 353/636][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: *.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2][Subject: CN=*.trouter.teams.microsoft.com][Certificate SHA-1: DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4][Firefox][Validity: 2019-11-29 17:57:58 - 2021-11-29 17:57:58][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,24,0,7,7,0,7,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,31,0,0]
29 TCP 192.168.1.6:60534 <-> 40.126.9.5:443 [proto: 91.219/TLS.Microsoft365][Stack: TLS.Microsoft365][IP: 219/Microsoft365][Encrypted][Confidence: DPI][FPC: 219/Microsoft365, Confidence: IP address][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][15 pkts/2846 bytes <-> 10 pkts/7289 bytes][Goodput ratio: 64/91][0.20 sec][Hostname/SNI: login.microsoftonline.com][(Advertised) ALPNs: h2;h2-16;h2-15;h2-14;spdy/3.1;spdy/3;http/1.1][bytes ratio: -0.438 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/21 41/53 16/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 190/729 1471/1506 349/665][nDPI Fingerprint: 7d566af7d9cf82d9648af572f48542b0][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d2010h2_2a284e3b0c56_f05fdf8c38a9][Safari][Plen Bins: 9,9,0,18,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,36,0,0]
30 TCP 162.125.19.131:443 <-> 192.168.1.6:60344 [proto: 91/TLS][Stack: TLS][IP: 121/Dropbox][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][Breed: Safe][8 pkts/761 bytes <-> 8 pkts/9347 bytes][Goodput ratio: 31/94][0.12 sec][bytes ratio: -0.849 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 18/1 111/4 41/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 95/1168 299/1494 77/500][nDPI Fingerprint: d9b1e7338e475c535e75d9f1f452155e][Plen Bins: 0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,63,0,0,0]
31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Safe][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
31 TCP 192.168.1.6:60567 <-> 52.114.77.136:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][13 pkts/2389 bytes <-> 11 pkts/7293 bytes][Goodput ratio: 69/91][1.77 sec][Hostname/SNI: api.flightproxy.teams.microsoft.com][bytes ratio: -0.507 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/50 84/122 28/46][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 184/663 703/1506 228/665][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 0,16,0,16,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,16,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
32 TCP 192.168.1.6:60557 <-> 52.113.194.132:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 250/Teams][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 12][cat: Collaborative/15][Breed: Acceptable][12 pkts/2422 bytes <-> 13 pkts/7118 bytes][Goodput ratio: 72/90][0.17 sec][Hostname/SNI: teams.microsoft.com][bytes ratio: -0.492 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 17/14 91/79 27/23][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 202/548 954/1506 267/645][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][ServerNames: teams.microsoft.com][JA3S: 7d8fd34fdb13a7fff30d5a52846b6c4c][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4][Subject: CN=teams.microsoft.com][Certificate SHA-1: 68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E][Firefox][Validity: 2019-09-12 18:16:45 - 2021-09-12 18:16:45][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,16,0,8,0,8,8,0,0,8,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0]
33 UDP 93.71.110.205:16332 <-> 192.168.1.6:50016 [proto: 338.38/SRTP.TeamsCall][Stack: STUN.TeamsCall.SRTP][IP: 0/Unknown][Stream Content: Audio][Encrypted][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 37][DPI packets before monitoring: 33][cat: VoIP/10][Breed: Acceptable][30 pkts/5952 bytes <-> 7 pkts/3184 bytes][Goodput ratio: 79/91][2.72 sec][bytes ratio: 0.303 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 99/467 1167/1168 282/553][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 198/455 1256/1256 284/507][Mapped IP/Port: 93.71.110.205:16332, 80.181.206.72:57543][RTP packets: 0/18][PLAIN TEXT (SMnzNK)][Plen Bins: 0,8,60,18,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0]
34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 13][cat: Collaborative/15][Breed: Safe][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Safe][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 14][cat: Collaborative/15][Breed: Safe][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
34 TCP 192.168.1.6:50036 <-> 52.114.250.153:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 13][cat: Collaborative/15][Breed: Acceptable][17 pkts/1759 bytes <-> 13 pkts/7267 bytes][Goodput ratio: 46/90][3.92 sec][Hostname/SNI: 52.114.250.153][bytes ratio: -0.610 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 273/381 3619/3662 928/1094][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 103/559 289/1506 79/554][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.153 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 11,11,0,11,0,18,5,5,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0]
35 TCP 192.168.1.6:60538 <-> 52.114.75.70:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][12 pkts/1791 bytes <-> 8 pkts/7215 bytes][Goodput ratio: 54/93][0.15 sec][Hostname/SNI: eu-prod.asyncgw.teams.microsoft.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.602 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14/16 37/65 15/24][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 149/902 689/1506 176/629][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
36 TCP 192.168.1.6:60539 <-> 52.114.75.69:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][12 pkts/1773 bytes <-> 8 pkts/7189 bytes][Goodput ratio: 53/93][0.15 sec][Hostname/SNI: eu-api.asm.skype.com][(Advertised) ALPNs: h2;http/1.1][bytes ratio: -0.604 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/20 32/58 15/22][Pkt Len c2s/s2c min/avg/max/stddev: 66/74 148/899 674/1506 171/632][nDPI Fingerprint: f1f5d0bdab75c94bb51a63f8e074f0cd][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d1311h2_8b80da21ef18_77989cba1f4a][Plen Bins: 0,10,0,10,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,40,0,0]
37 TCP 192.168.1.6:50018 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][20 pkts/1629 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 29/90][1.92 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.626 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 19/18 69/92 24/32][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 81/546 241/1506 48/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
38 TCP 192.168.1.6:50021 <-> 52.114.250.123:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 250/Teams, Confidence: DNS][DPI packets: 5][cat: Collaborative/15][Breed: Acceptable][18 pkts/1509 bytes <-> 13 pkts/7093 bytes][Goodput ratio: 32/90][0.66 sec][Hostname/SNI: euaz.tr.teams.microsoft.com][bytes ratio: -0.649 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/23 46/85 20/34][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 84/546 241/1506 50/564][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][nDPI Fingerprint: 29008ea83010474e3c781534f1f173fb][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12d220700_0d4ca5d4ec72_3304d8368043][Firefox][Plen Bins: 13,13,0,20,0,13,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0]
39 TCP 192.168.1.6:50014 <-> 52.114.250.152:443 [proto: 91.250/TLS.Teams][Stack: TLS.Teams][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 276/Azure, Confidence: IP address][DPI packets: 14][cat: Collaborative/15][Breed: Acceptable][14 pkts/1347 bytes <-> 11 pkts/6975 bytes][Goodput ratio: 42/91][0.22 sec][Hostname/SNI: 52.114.250.152][bytes ratio: -0.676 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 16/22 43/84 20/30][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 96/634 289/1506 73/570][Risk: ** TLS Cert Mismatch **** TLS (probably) Not Carrying HTTPS **][Risk Score: 110][Risk Info: No ALPN / 52.114.250.152 vs tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.co][nDPI Fingerprint: 9a0007ae7d111b0357685510564bb3b6][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t12i220700_0d4ca5d4ec72_3304d8368043][ServerNames: tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com][JA3S: 986571066668055ae9481cb84fda634a][Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5][Subject: CN=tr.teams.microsoft.com][Certificate SHA-1: A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75][Firefox][Validity: 2019-05-24 14:10:26 - 2021-05-24 14:10:26][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 7,14,0,14,0,14,0,7,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0]
40 TCP 192.168.1.6:60566 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][Stack: TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][Breed: Safe][9 pkts/3029 bytes <-> 8 pkts/2213 bytes][Goodput ratio: 80/76][2.73 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.156 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 351/431 1977/2053 668/728][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/277 1012/1291 385/397][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][nDPI Fingerprint: c065e46d9db9a0ceb94dd29c4017c325][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,14,0,0,14,0,0,0,0,14,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]
41 TCP 192.168.1.6:60546 <-> 167.99.215.164:4434 [proto: 91.26/TLS.ntop][Stack: TLS.ntop][IP: 442/DigitalOcean][Encrypted][Confidence: DPI][FPC: 442/DigitalOcean, Confidence: IP address][DPI packets: 6][cat: Network/14][Breed: Safe][10 pkts/2195 bytes <-> 10 pkts/2077 bytes][Goodput ratio: 69/68][5.38 sec][Hostname/SNI: dati.ntop.org][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: 0.028 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 650/754 5000/5000 1645/1734][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 220/208 1021/1292 308/364][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][nDPI Fingerprint: c065e46d9db9a0ceb94dd29c4017c325][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][TLSv1.2][JA4: t13d5713h2_131602cb7446_e802cdec6a7f][JA3S: 410b9bedaf65dd26c6fe547154d60db4][Firefox][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0]
42 UDP 192.168.1.6:50036 <-> 52.114.250.137:3478 [proto: 78.38/STUN.TeamsCall][Stack: STUN.TeamsCall][IP: 276/Azure][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 78.38/STUN.TeamsCall, Confidence: DPI][DPI packets: 9][cat: VoIP/10][Breed: Acceptable][5 pkts/1390 bytes <-> 4 pkts/733 bytes][Goodput ratio: 85/77][4.06 sec][bytes ratio: 0.309 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/100 1003/774 2235/2092 994/932][Pkt Len c2s/s2c min/avg/max/stddev: 228/174 278/183 314/198 33/10][Mapped IP/Port: 93.71.110.205:16333, 52.114.250.137:3480][Peer IP/Port: 18.140.192.228:28678, 45.143.25.227:20229, 201.221.32.65:43863][PLAIN TEXT (rtcmedia)][Plen Bins: 0,0,0,0,44,11,11,11,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

2
tests/cfgs/ndpireader_conf_file/result/shadowsocks.pcap.out
View file

@ -24,8 +24,8 @@ Patricia protocols IPv6: 0/0 (search/found)
Unknown 15 68444 1
SOCKS 29 69355 1
Acceptable 29 69355 1
Unrated 15 68444 1
Acceptable 29 69355 1
Unspecified 15 68444 1
Web 29 69355 1

3
tests/unit/unit.c
View file

@ -295,7 +295,8 @@ int serializeProtoUnitTest(void)
ndpi_proto.proto.master_protocol = NDPI_PROTOCOL_TLS,
ndpi_proto.proto.app_protocol = NDPI_PROTOCOL_FACEBOOK,
ndpi_proto.protocol_by_ip = NDPI_PROTOCOL_FACEBOOK,
ndpi_proto.category = NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK;
ndpi_proto.category = NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK,
ndpi_proto.breed = NDPI_PROTOCOL_FUN;
NDPI_SET_BIT(risks, NDPI_MALFORMED_PACKET);
NDPI_SET_BIT(risks, NDPI_TLS_WEAK_CIPHER);